Many people have asked me why I wanted to write a book on building an information security awareness program. While everyone knows having one is a great idea, no one really knows where to start. The purpose of this book is to lay out a plan to build a program from the ground up and then look at some way to measure the effectiveness of the program once it's in place.
This book is meant to be a roadmap. One size won't always fit all, and there may be different routes to achieving the same goals in your organization. As I built information security awareness programs, I realized that documenting what I was doing and how I was doing it might be valuable to others who might need such information.