Safelight Develops Blueprint to Align Security Education with Organizational Risk

PROVIDENCE, R.I., Feb. 8, 2011 /PRNewswire/ -- Safelight, a leader in security education, today announced its Security Education Blueprint, a new interactive tool that helps organizations assess the people aspect of their information risk and build a comprehensive security education program that aligns with their particular risk profile.

"Most organizations look solely to technology to address information risk, but technology only solves one part of the problem," said Safelight CEO Rob Cheyne. "People interact with valuable information on a daily basis and each person is in a position to behave in a way that either exposes or protects it.  Security education programs need to address the people and process side of information risk and recognize the potential for employees to be part of the solution."

Safelight's Security Education Blueprint offers a practical, structured approach to beginning or growing a security education program. At the center of the blueprint is a set of self-assessment questions that measure the people aspect of an organization's information risk. After responding to the questions, a user receives a custom blueprint for building an education program that matches the organization's risk profile.

Safelight's Security Education Blueprint considers five functional groups of employees -- general staff, development staff, IT and operations staff, executives and management, and security staff --and defines three program maturity levels for each group. Beyond categorizing staff by their function, the Blueprint acknowledges a more nuanced reality: the behavior of people in the same functional group often represents different levels of risk. Thus, the Blueprint makes specific recommendations for low, moderate and high-risk employees within each staff group.

An organization's risk profile maps to a custom Blueprint that recommends a specific level of education for each of the five functional staff groups. At each level, the Blueprint offers guidance for developing 8 essential components of a well-designed security education program. These components include everything from integration of training into hiring and on-boarding processes to the introduction of communications programs that support training content. At each level, the Blueprint also provides a list of recommended training topics based on the risk levels associated with different roles within the group.

"The Blueprint originated from our work with clients and our fundamental belief that organizations should train and equip every employee to protect information," said Cheyne.  "As with any information security initiative, education programs should be risk-based. A successful program, one that sustainably shifts the way employees think about the value of information and their role in protecting it, is built with a clear understanding of how employees interact with information in their everyday work."

Safelight will showcase the Security Education Blueprint in Booth # 1831 at the RSA Conference 2011 in San Francisco, Calif., February 14-18, 2011.  Companies can view their custom Blueprint at the self-directed interactive kiosks, email it to themselves, and discuss their results with Safelight if desired.

Safelight is also offering special product pricing through March 31. Organizations can train two employees for the price of one when they purchase any of Safelight's on-demand courses for general staff, development teams and IT staff. Register at Safelight's RSA booth (# 1831) or at http://safelightsecurity.com/engage/educate-everyone/ to qualify for the offer and for more details.

About Safelight

Safelight is a leader in security education -- our integration of deep security expertise and innovative approaches to interactive learning sets us apart. We help organizations build comprehensive education programs that go beyond training to measurably shift the way employees think about the value of information and their role in protecting it. We offer a full range of instructor-led and on-demand courses for development, IT and general staff; each role-specific course is part of a larger program designed to cultivate a culture of security across the organization. Learn more at www.safelightsecurity.com.

SOURCE Safelight