Security behaviour change requires a clear vision as well as a coordinated strategy to ensure that interventions are consistent, practical and meaningful.
Before embarking on a change programme, however big or small, it is critical that an organisation is clear on the following:
-
The objectives of the change (i.e. the vision or strategy)
-
The size and scale of the change (i.e. the gap between where the organisation is now and where it wants to be)
-
The actions to implement the change (i.e. the interventions)
-
The organisation is ready for the change (i.e. it has the necessary time, resources and buy-in)
-
How to communicate the change to the target audience and other key stakeholders (i.e. the communications strategy)
-
How to review and evaluate the impact of the change (i.e. the measures of success and key performance indicators
