search menu icon-carat-right cmu-wordmark

Building a Cybersecurity Awareness Program

This guide provides considerations and best practices for the development and implementation of cybersecurity awareness campaigns and programs.

Software Engineering Institute


Many incident response organizations and teams play a significant role in promoting the cybersecurity awareness of their constituency. There are many factors to consider when developing a cybersecurity awareness program or campaign, including the audience, goals and objectives, and scope of the awareness program or campaign. This guide highlights key considerations and provides process-based applications to be leveraged by Computer Security Incident Response Teams (CSIRTs), Security Operations Centers (SOCs), CSIRTs of National Responsibility, and sector-based CSIRTs, to name a few. This guide also leverages the expertise of the National Institute of Standards and Technology (NIST) and the CSIRT Services Framework developed by the Forum of Incident Response and Security Teams (FIRST) community.