Security Awareness Training ◾ 285
Extended Enterprise Approach to Awareness Training—Liz Claiborne, Inc., summarizes the
lessons learned from its deployment of a program dedicated to the issue of domestic violence.
( is is an example of an organization taking security issues out into the extended enterprise, the
personal and work lives of employees.) In the program called “Women’s Work,” which is designed
to generate awareness of the pervasiveness of domestic violence, Liz Claiborne, Inc., states that
its intent is to give back to those who have made the company successful—their consumers and
employees. e primary lessons Liz Claiborne learned from over a decade of running this aware-
ness program are as follows:
Make a genuine commitment to the issue. Liz Claiborne credits the success of the program ◾
to the company’s genuine passion for and commitment to the issue.
Get senior-level buy-in. It is critical to have the support and commitment of senior manage- ◾
ment. In particular, it is helpful to have someone with decision-making authority champion
the cause.
Acknowledge the contribution of all partners. Liz Claiborne makes a concerted eff ort to ◾
recognize the contributions of the nonprofi t partners and acknowledge the benefi ts of part-
nership to the corporation.
Enlist experts. It is important that companies partner with experts in the fi eld when taking ◾
on an issue.
Just as Liz Claiborne successfully linked a security awareness program to its brand both inter-
nally and externally, so too, can security groups link eff orts like Workplace Violence and other
employee awareness issues to organizational core values for the benefi t of employees, consumers,
and the extended enterprise.
Simulations— e military has made use of simulations for thousands of years to better prepare
their forces. Simulations are now used at war colleges, in national emergency preparedness exer-
cises for Top Offi cials (TOPOFF) in government and industry, and in national and international
communities and within private industry and universities. Tabletop exercises are becoming more
common from the CSO level to the fi rst-line security professional as a means of honing responsive-
ness to crisis plans and the like.
CSO magazine, in an article titled “Security Simulations: is Is Only a Test,” written by
Deborah Radcliff , reported on 2004 conferences hosted by Homeland Security and the Secret
Service. ese workshops utilized a two-day simulation for top offi cials in fi nancial, IT, and oil
and gas industries. Simulations now blend both physical and online attacks throughout the expe-
rience, giving respondents the chance to build detailed responses. Although simulations are not
inexpensive to create and implement (they cost $250,000 per session), they are being used increas-
ingly in training people in many aspects of security responsiveness (cybercrime, terrorist attacks,
business continuity, fi rst-responder preparedness, industrial espionage, data protection, and more).
One of the key advantages of simulations is the interagency cooperation that is required in order
to be successful.
Both of us have worked with many vendors to produce various simulations for both national
and international use. e simulations we have worked with have included computer simula-
tions, social gaming simulations, business simulations, virtual simulations, table top, interactive,
immersive, and war gaming simulations. Eric worked for years in a building where multimillion
dollar fl ight simulators were housed for pilots to learn to fl y in various models of airplanes. ose
were amazing simulators to say the least. From our experience, we would underscore the need for
careful planning, budgeting, and beta-testing of simulations prior to roll out. e consistency of
TAF-K11348-10-0301-C014.indd 285TAF-K11348-10-0301-C014.indd 285 8/18/10 3:12:56 PM8/18/10 3:12:56 PM