The goals of a successful security awareness program should be simple. The program should stress common sense and emphasize caution where it is needed. A program should be considered successful if it meets the following conditions:

Individual faculty, staff, and students are aware of risks to the confidentiality, integrity, and availability of data, and know how to protect data.

When there are valid reasons for suspecting theft, damage, or misuse of data, the individual knows what to do (who to contact and how).

At UNC-Chapel Hill, the Information Security Office seeks to achieve the goals of a successful security awareness program and has made significant progress in achieving those goals, as demonstrated by the linked items below.

Define the nature of sensitive material
Specify employee, student, and contractor responsibilities
Relate other computer security concerns, including malware, phishing, social engineering, and risks
Specify proper methods for protecting sensitive information on computer systems
Provide guidance through policies
Understand consequences of failure to properly protect information

Information Technology Services at UNC-Chapel Hill

Information Security

Goals of a Successful Security Awareness Program

Resources