Exploring Government Security Awareness Programs: A Mixed-Methods Approach

Organizational security awareness programs are often underfunded and rely on part-time security awareness professionals who may lack sufficient background, skills, or resources necessary to manage an effective and engaging program. U.S. government organizations, in particular, face challenges due to strict security awareness requirements that often result in success being measured by training completion rates rather than impact on employees' attitudes and behaviors. However, no prior research has explored security awareness in the government sector. To address this gap, we are conducting an in-progress, mixed-methods research effort to understand the needs, challenges, and practices of U.S. government security awareness programs. This understanding will inform the creation of resources for security awareness professionals, including examples of successful practices and strategies, lessons learned, and suggestions for building a team having the appropriate knowledge and skills. While focused on the U.S. government, our findings may also have implications for organizational security awareness programs in other sectors.