Europe: ENISA Contribution to the Blogathon
The Safer Internet Day Blogathon brings together children, teachers and organisations from across the world to share their views on safety over Internet. The Awareness Raising Section of the European Network and Information Security Agency (ENISA) believes as well in the importance of promoting information security and communication technologies that support citizens and equips them with the skills they need to live and work in the knowledge society, as well as the importance of exchanging information between organisations.
To this end, as part of the ENISA Work Programme 2006, the ENISA AR Section has invited the EU and EEA countries to discuss how to raise information security awareness.
The Awareness Raising Unit of ENISA has organised the 2nd Awareness Raising dissemination workshop to foster the sharing and dissemination of the main findings of the Agency in the field of awareness raising within the Member States in October 2006.
The workshop on awareness raising aimed at policy makers responsible or involved in awareness raising activities in their countries. Through a combination of presentations, case studies and panel debates, participants have further explored cutting-edge topics, key issues and emerging good practices in the awareness raising field. Particular attention has been paid to public-private partnerships, SMEs, children, recent and successful government collaborative initiatives with Internet Service Providers (ISPs) aimed at raising awareness among users. Additionally metrics to evaluate effectiveness of awareness programmes have been discussed.
The workshop included several speakers who have provided some of the material used for the compilation of the “Information Security Awareness Programmes in the EU – Insight and Guidance for Members States” document of ENISA. The findings of this report are the result of the analysis of successful practices and measures already underway in the awareness raising field in Europe. The purpose of this document is to provide an overview of the EU awareness programmes and to construct good practice recommendations as well as offering guidance on running awareness raising campaigns. This includes information on metrics and key performance indicators (KPIs). A roadmap has also been put together to show a holistic progress of awareness raising initiatives.
While presenting and analysing the initiatives and efforts of the Member States in the field of awareness raising, several trends and commonalities have been identified:
• The total number of awareness raising initiatives in the EU has slightly risen over the last year
• As in the past, the difference in nature and number of awareness initiatives derives from the different levels of information security understanding and culture within the countries
• Almost every programme in Member State countries targeted the SME and Home User groups
• Awareness raising collaboration is growing with ISPs
• Awareness raising subjects that are growing in coverage include the use of mobile devices and WiFi
• Websites and training remain the most used communication channels to deliver the message as part of any awareness raising initiative
• Media is still primarily being used as a channel of communication, and not as a target
Moreover, several key pre-requisites and actions that are required for a successful awareness raising initiative have been pinpointed:
• The message delivered has to be appealing and perceived as “of value” to the target group - the audience should be properly evaluated with interests, needs and knowledge identified
• Communication channels should be analysed to identify then use the optimal delivery mechanisms - preferred communication channels per target group should be understood and utilised
• Public-private partnerships should be used to leverage synergies to help make sure that the initiative has the resources and expertise to deliver the right message to the right people using the most effective channels
• Multipliers such as teachers and the Media should be used to help increase the scope and coverage of any awareness raising initiative
• Metrics and KPIs should be used to measure the effectiveness of an initiative – lessons learnt through analysis of quantitative and qualitative data can be used to help improve future campaigns
It has been concluded that it is key to:
• Leverage on the experience of other countries as awareness training and campaigns around Europe present a lot of similarities
• Share the knowledge on how to raise information security awareness
• Review and re-use material available in various countries
To this end, ENISA will continue promoting the exchange of information and provide material that could be customised and presented to the Member States to facilitate their work on awareness raising. ENISA and the Member States will intensify their efforts to positively influence the public’s behaviour towards information security, changing the mindset of the human element in order to achieve greater self-awareness recognising the importance of disseminating its findings and recommendations with the Member States.
