Main Nav

Security Awareness Programs - Compliance vs. Impact

I'm very happy to be invited as guest blogger for EDUCAUSE during Security Awareness Month. Over the course of the next couple weeks I and several others will be sharing with you some key lessons learned on how to deploy effective awareness programs. For today I wanted to share with you something I am very passionate about, the difference between compliance and impact. Traditionally most awareness programs have focused on compliance, meeting requirements set down by certain standards. For the edu community this includes standards such as FERPA, GLBA and RFR. Compliance is important, we must ensure that your school meets these standards. Unfortunately though compliance can also be a hinderance, especially when it comes to awareness. Often management's goal is simply to check the box and invest the absolute minimum to achieve compliance, perhaps nothing more then some power point slides once a year. My passion and goal is to see organizations go beyond just compliance and attempt to make a difference, to change behaviors and make people more secure in their daily lives. This is much harder to do. It requires much more planning (such the different groups you want to teach and which behaviors to change) and requires much more resources as this is a long term investment. Just like securing any other operating system, securing people is a life-cycle, a continuous process of updating and reinforcing (just like you patch computers every month). Next post I'll discuss how you can create such a program, one that is both compliant and has an impact.

AUTHOR: Lance Spitzner is Technical Director of SANS Securing The Human program. You can follow him on Twitter @lspitzner or contact him at

Tags from the EDUCAUSE Library


Annual Conference
September 29–October 2
View Proceedings

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.


Digital Badges
Member recognition effort
Earn yours >

Career Center

Leadership and Management Programs

EDUCAUSE Institute
Project Management



Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.


EDUCAUSE organizes its efforts around three IT Focus Areas



Join These Programs If Your Focus Is


Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.



2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations

Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.