An excellent article below shares challenges in creating an effective security awareness program.  Security professionals must adjust for differing audiences to effectively communicate dangers and best practices throughout the company.  The key challenge is to present risks and safety practices in business terms or other ways that are more clearly understood

IT security, I’ve learned, is a tight-knit community of people who “get it” — that ethical security research is an essential part of the industry, that signatures are no longer enough, that a certain amount of risk is inherent in any enterprise security plan. Certain themes are accepted as truth, certain cost/benefit ratios are accepted as conventional wisdom. We argue over strategies, but we agree on most of the basic principles. When you’re at a security conference, it’s sort of like living in your home town

When we move outside of our own circles, however, we members of the security community often find ourselves on unfamiliar ground. Here at Interop, for example, an audience of CIOs and data center professionals consider security an important plank in the IT platform — but not the only consideration. Issues of business, bandwidth, performance, and storage play just as important a role as security — and priorities may differ according to the situation. Security messages and practices must be taken in the context of a broader pallette of IT disciplines.

If we want security issues to be recognized by the world, we’ll have to step out of our community — and our comfort zone — and bring our most important messages to more general IT and business audiences. A home town is a great place to live, but it only reaches so far.