Information security awareness campaigns can be a tough act to get right. The biggest challenge faced on this front is that users just can’t accept the need for infosec till things go wrong. Yet another issue is the difficulty of enticing users to take note of the security awareness campaign.
Face it. Information security is a boring aspect for most users. It assumes glamorous proportions only in cases of “Wikileaks”-ian proportions (please excuse the cliche). An industry which infosec professionals can learn from on the awareness campaigns front is the manufacturing vertical — one which has been battling industrial safety issues for many a decade now. Despite the obvious physical safety concerns in this vertical, industry safety campaigns are still a tough act to roll out. Sounds similar to your infosec awareness campaigns, doesn’t it?
Your poster campaigns and infosec champion programs go only so far as the users participate in it. Else they just remain as unnoticed colorful posters on the wall. These will definitely help you get your ISO certs and get the attention of visitors, but achieve nothing practical beyond it. So yes, do spare a thought to making your infosec campaigns a bit more creative and more importantly, practical.
On this front, infosec professional Lucius Lobo has put together a good security strips section on his blog. Will make for an interesting perspective.