Ten Easy Steps to Creating an Effective Information Security Outreach and Marketing Plan
Multi-State Information Sharing and Analysis Center (MS-ISAC)
www.msisac.org
Ten Easy Steps to Awareness!
• Step 1: Unearth Your Baseline
• Step 2: Set Goals and Objectives
• Step 3: Target Your Intended Audience
• Step 4: Reach Out to Your Outreach Channels
• Step 5: Make Advocates Out of NaySayers
• Step 6: So You’re Not in Sales
• Step 7: Sing! Sing! Sing!
• Step 8: Confront Your Challenges
• Step 9: Measure Your Successes
• Step 10: Do It All Over Again
Introduction
• Mission
– To provide a common mechanism for raising the level of cyber security readiness and response in each state and with local governments.
• Goal
– Improve information security awareness at the State and local levels nationwide through an increased number of distribution channels.
Purpose
• To lay out a repeatable and approachable process for focusing and executing outreach activities aimed at supporting state and local governments’ cyber security programs.
– Benefits
• Build Mature, Repeatable Outreach & Marketing Processes
• Organize for Success
• Identify Outreach Strengths and Weaknesses
• Engage Stakeholders
• Leverage Potential Partnerships
What is Outreach & Marketing?
• Outreach
– Two-way communication to:
• Reach targeted audiences
• Establish mutual understanding
• Develop relationships
• Influence behaviors, attitudes, and actions
Marketing Research
Who is the audience for a product or service
What are the capabilities of your marketing program
How to let your audience know about information security products and services offered
Strategic Planning
• While an important part of planning outreach activities may revolve around introducing or “rolling out” specific products and services your organization has or will produce, outreach itself is a strategic endeavor.
Challenges & Barriers
• Times & Resources
– Information/cyber security often gets placed on the back burner due to everyday fire drills, administrative demands, and other events that stress an already stressed IT office staff. If you are feeling this way, you should recognize two important characteristics of outreach planning.
• Focus & Priority
– Information security and cyber security are serious topics and deserving of proper attention to raise awareness of their importance and expand your influence.
Outreach & Marketing Lifecycle
• Methodology
– Make informed decisions based on thorough research, established priorities, and a common vision.
• Planning
– Step 1: Assessment
– Step 2: Goals
– Step 3: Key Message
– Step 4: Stakeholders
• Development
– Step 5: Stakeholder Commitment
– Step 6: Tools & Tactics
• Execution
– Step 7: Implement the Plan
– Step 8: Adjustments
• Evaluation
– Step 9: Measure
– Step 10: Feedback & Re-Assess
Step 1: Unearth Your Baseline
• Data Collection
– Personal Interviews
– Benchmarking
– Focus Groups
– Surveys
Tips
• Target your audience or stakeholders.
• Identify what’s currently being done in the realm of cyber security.
• Determine what information needs to be collected.
• Determine process to conduct the data collection.
• Test the data collection method with a sample audience.
• Determine how to provide a summary of the results.
Determine the Current State of Affairs
Step 2: Set Goals and Objectives
• Set goals and objectives
– What the organization intends to achieve or to bring about through various activities.
• How do we get there?
– Articulate to stakeholders the intention to achieve an envisioned end state.
– Illustrate what needs to be accomplished and offer insights into how to appropriately direct resources.
– Define your outreach goals clearly.
– Acknowledge that the process starts small, requires constant feeding, and takes time to grow.
Start Small, Feed It, and Watch It Grow
Step 3: Target Your Intended Audience (But Don’t Shoot Them)
• Define who you will be engaging in your outreach activities and what key messages you will deliver.
– Audiences are the recipients of your messages and products, and are influenced by your outreach actions.
• A Key Message is defined as an object of communication, or the information itself.
– Themes and messages tailored to each audience segment to specifically address the unique needs and concerns of each in line with your outreach goals.
– Communicate key messages within an appropriate context to engage stakeholders and convey the right information at the right time.
– Clearly convey your goals and objectives as well as your particular audiences’ role in the outreach process.
Use Key Messages
Step 4: Reach Out To Your Outreach Channels
• Identify Stakeholders
– Individuals or organizations with a legitimate and possible financial interest in a given situation or cause.
• Establish Contacts
– Build a list of contacts that can be reused.
• From many already established resources within your state, such as Internet listings of elected officials, or an existing Information Security Officer list.
Identify Stakeholders in Order to Reach Out To Them
Step 5: Make Advocates Out of NaySayers and Non-Believers
• Opinions of outreach audiences will develop as you successively engage each.
– Relationship Building
– Talk Honestly
• Recognize Phases of Stakeholder Commitment
Overcoming Challenges by Creating Advocates – Stakeholder Commitment and Engagement
UNAWARE
- Stakeholders have little or no knowledge of your organization and its mission
AWARE
- Stakeholders are unclear of your mission and how they will be personally affected by your activities
UNDERSTAND
- Stakeholders begin to improve their knowledge of the nature of this initiative and how they “fit in”
BUY-IN
- Stakeholders show signs of approval and demonstrate a willingness to embrace your organization, its mission, and its activities
COMMITMENT
- Stakeholders adopt new practices and perform new processes actively
- Widespread acceptance that implementation of outreach program is beneficial to stakeholders’ success
Step 6: So, You’re Not In Sales – Hit the Road Anyway
• Developing outreach tools and tactics to deliver key messages is a critical element in your approach.
• Tools are devices or mechanisms that help deliver a desired end result in a mission.
• Tactics are conceptual actions used to advance or achieve a specific objective, which can include creative ways to deliver your message.
Outreach and Marketing Tools and Tactics
Step 7: Sing! Sing! Sing! Your Plan Like A Mockingbird
• All of the preparation you have done will now be put to good use. Once you have your outreach and marketing plan in place, it is time to spread the word.
• Create a website about information security
• Conduct research to see what might work best for you and your organization.
• Ask partners and stakeholders to place a link on their website to your website
Implement the Outreach and Marketing Plan
Step 8: Confront Your Challenges
• Make no bones about it; you will be confronted with challenges
• Potential Challenges
– Costs
– No budget or resources
– Trouble establishing a good relationship with an important stakeholder
– Lack of audience or support to deal with specific issues or problems.
– Culture change – no opening doors
– Still experiencing incidents and breaches.
Spin Them into Opportunities
Step 9: Measure Your Success
• As you learn what works well and what doesn’t, measure your successes.
• Metrics
– Original Survey Results
– Achievement of stated goals and objectives
– Other metrics established
• Process Improvement
– Investigate and respond appropriately to metrics
Evaluate Your Marketing & Outreach Plan
Step 10: Do It All Over Again, But Better
• Find ways to address the gaps and make improvements.
– Determine why some of your strategies are not working; should they be revised or stopped?
• Check the Feedback
– Check the feedback
• Are you collecting feedback from targeted audiences effectively?
• Which messages are not being heard or understood?
• Reassess
– Make adjustments to your plan when necessary
Solicit Feedback and Reassess Your Strategy
Conclusion
Follow these Ten Easy Steps to Create an Effective Outreach & Marketing Plan for Information Security
[Lifecycle diagram: Planning (Assessment, Goals, Key Messages, Stakeholders); Development (Tools & Tactics, Create Advocates); Execution (Implement Plan, Adjustments); Evaluation (Measure, Feedback & Re-assess)]
Acknowledgements
• The MS-ISAC would like to thank the State and Local Government Outreach and Marketing Workgroup for developing good practices that can be shared with others to improve information security outreach and marketing programs.
• Workgroup Members include representatives from: Alabama, Alaska, Arkansas, California, Colorado, Florida, Illinois, Iowa, Michigan, Minnesota, Mississippi, Missouri, Nevada, New Jersey, New York, Oregon, Texas, Utah, Virginia, West Virginia, and Wyoming.