Planning is the most important stage of any successful information security awareness program, and unfortunately the most overlooked.
You must assess your needs, examine management and culture, set realistic goals for the program, determine and budget, and create a game plan. You can’t do it all at once!
Create a content calendar, release schedule, and an assessment plan. Predetermine how you will host the training, what types of training you’ll use, how much of it will be mandatory, what you’ll give your users in exchange for completing it, etc. Without a plan, your program is destined to fail.