Presentation on theme: "Ten Easy Steps to Creating"— Presentation transcript:
1Ten Easy Steps to Creating Multi-State Information Sharing and Analysis Center (MS-ISAC)Ten Easy Steps to Creatingan Effective Information Security Outreach and Marketing Plan
2Multi-State Information Sharing and Analysis Center (MS-ISAC) Ten Easy Steps to Awareness! Step 1: Unearth Your BaselineStep 2: Set Goals and ObjectivesStep 3: Target Your Intended AudienceStep 4: Reach Out to Your Outreach ChannelsStep 5: Make Advocates Out of NaySayersStep 6: So You’re Not in SalesStep 7: Sing! Sing! SingStep 8: Confront Your ChallengesStep 9: Measure Your SuccessesStep 10: Do It All Over Again
3Introduction Mission Goal To provide a common mechanism for raising the level of cyber security readiness and response in each state and with local governments.GoalImprove information security awareness at the State and local levels nationwide through an increased number of distribution channels.
4PurposeTo lay out a repeatable and approachable process for focusing and executing outreach activates aimed at supporting state and local governments’ cyber security programs.BenefitsBuild Mature, Repeatable Outreach & Marketing ProcessesOrganize for SuccessIdentify Outreach Strengths and WeaknessesEngage StakeholdersLeverage Potential Partnerships
5What is Outreach & Marketing? Two-way communication to:Reach targeted audiencesEstablish mutual understandingDevelop relationshipsInfluence behaviors, attitudes, and actionsMarketingResearchWho is the audience for a product or serviceWhat are the capabilities of your marketing programHow to let your audience know about information security products and services offered
6Strategic PlanningWhile an important part of planning outreach activities may revolve around introducing or “rolling out” specific products and services your organization has or will produce, outreach itself is a strategic endeavor.
7Challenges & Barriers Times & Resources Focus & Priority Information/cyber security often gets placed on the back burner due to everyday fire drills, administrative demands, and other events that stress an already stressed IT office staff. If you are feeling this way, you should recognize two important characteristics of outreach planning.Focus & PriorityInformation security and cyber security are serious topics and deserving of proper attention to raise awareness of their importance and expand your influence.
8Outreach & Marketing Lifecycle MethodologyMake informed decisions based on thorough research, established priorities, and a common vision.Outreach & Marketing LifecyclePlanningStep 1: AssessmentStep 2: GoalsStep 3: Key MessageStep 4: StakeholdersDevelopmentStep 5: Stakeholder CommitmentStep 6: Tools & TacticsExecutionStep 7: Implement the PlanStep 8: AdjustmentsEvaluation9 Measure10 Feedback & Re-Assess
9Step 1: Unearth Your Baseline Data CollectionPersonal InterviewsBenchmarkingFocus GroupsSurveysTipsTarget your audience or stakeholders.Identify what’s currently being done in the realm of cyber security.Determine what information needs to be collected.Determine process to conduct the data collection.Test the data collection method with a sample audience.Determine how to provide a summary of the results.Determine the Current State of Affairs
10Step 2: Set Goals and Objectives What the organization intends to achieve or to bring about through various activities.How do we get there?Articulate to stakeholders the intention to achieve an envisioned end state.Illustrate what needs to be accomplished and offer insights into how to appropriately direct resources.Define your outreach goals clearly.Acknowledge that the process starts small, requires constant feeding, and takes time to grow.Start Small, Feed It, and Watch It Grow
11Step 3: Target Your Intended Audience (But Don’t Shoot Them) Define who you will be engaging in your outreach activities and what key messages you will deliver.Audiences are the recipients of your messages and products, and are influenced by your outreach actions.A Key Message is defined as an object of communication, or the information itself.Themes and messages tailored to each audience segment to specifically address the unique needs and concerns of each in line with your outreach goals.Communicate key messages within an appropriate context to engage stakeholders and convey the right information at the right time.Clearly convey your goals and objectives as well as your particular audiences’ role in the outreach process.Use Key Messages
12Step 4: Reach Out To Your Outreach Channels Identify StakeholdersIndividuals or organizations with a legitimate and possible financial interest in a given situation or cause.Establish ContactsBuild a list of contacts that can be reused.From many already established resources within your state, such as Internet listings of elected officials, or an existing Information Security Officer list.Identify Stakeholders in Order to Reach Out To Them
13Step 5: Make Advocates Out of NaySayers and Non-Believers Opinions of outreach audiences will develop as you successively engage each.Relationship BuildingTalk HonestlyRecognize Phases of Stakeholder CommitmentUNAWARE- Stakeholders have little or no knowledge of your organization and its missionAWARE- Stakeholders are unclear of your mission and how they will be personally affected by your activitiesUNDERSTAND- Stakeholders begin to improve their knowledge of the nature of this initiative and how they “fit in”BUY-IN- Stakeholders show signs of approval and demonstrate a willingness to embrace your organization, its mission, and its activitiesCOMMITMENT- Stakeholders adopt new practices and perform new processes actively- Widespread acceptance that implementation of outreach program is beneficial to stakeholders’ successOvercoming Challenges by Creating Advocates–Stakeholder Commitment and Engagement
14Step 6: So, You’re Not In Sales – Hit the Road Anyway Developing outreach tools and tactics to deliver key messages is a critical element in your approach.Tools are devices or mechanisms that help deliver a desired end result in a mission.Tactics are conceptual actions used to advance or achieve a specific objective, which can include creative ways to deliver your message.Outreach and Marketing Tools and Tactics
15Step 7: Sing! Sing! Sing! Your Plan Like A Mockingbird All of the preparation you have done will now be put to good use. Once you have your outreach and marketing plan in place, it is time to spread the word.Create a website about information securityConduct research to see what might work best for you and your organization.Ask partners and stakeholders to place a link on their website to your websiteImplement the Outreach and Marketing Plan
16Step 8: Confront Your Challenges Make no bones about it; you will be confronted with challengesPotential ChallengesCostsNo budget or resourcesTrouble establishing a good relationship with an important stakeholderLack of audience or support to deal with specific issues or problems.Culture change – no opening doorsStill experiencing incidents and breaches.Spin Them into Opportunities
17Step 9: Measure Your Success As you learn what works well and what doesn’t, measure your successes.MetricsOriginal Survey ResultsAchievement of stated goals and objectivesOther metrics establishedProcess ImprovementInvestigate and respond appropriately to metricsEvaluate Your Marketing & Outreach Plan
18Step 10: Do It All Over Again, But Better Find ways to address the gaps and make improvements.Determine why some of your strategies are not working; should they be revised or stopped?Check the FeedbackCheck the feedbackAre you collecting feedback from targeted audiences effectively?Which messages are not being heard or understood?ReassessMake adjustments to your plan when necessarySolicit Feedback and Reassess Your Strategy
19ConclusionFollow these Ten Easy Steps to Create an Effective Outreach & Marketing Plan for Information SecurityDevelopmentTools & TacticsCreate AdvocatesExecutionImplement PlanAdjustmentsEvaluationMeasureFeedback &Re-assessPlanningAssessmentGoalsKey MessagesStakeholders
20AcknowledgementsThe MS-ISAC would like to thank the State and Local Government Outreach and Marketing Workgroup developing good practices that can be shared with others to improve information security outreach and marketing programs.Workgroup Members include representatives from: Alabama, Alaska, Arkansas, California, Colorado, Florida, Illinois, Iowa, Michigan, Minnesota, Mississippi, Missouri, Nevada, New Jersey, New York, Oregon, Texas, Utah, Virginia, West Virginia, and Wyoming.