Security awareness from the moon

A few days ago, I was privy to the first quarterly Security Awareness Newsletter distributed by a large corporate organisation for the digestion of a globally dispersed workforce. By all accounts the content had been decided, written and designed by their Information Security Group, with reviews and editing by their US-based legal department – a process that apparently took 6 months to complete – before the edition went out by email…

Now, I don’t know about you but I reckon the average Information Security professional knows as much about marketing, design, and effective communications as a coffee table knows about the origins of life, the universe and everything. I also reckon that in a multiple choice exam on the subject of global marketing, the answer “d) distribute all content in English-American after being reviewed and amended for audience acceptability by an American lawyer” probably doesn’t score you maximum points. You end up with content so dry and devoid of life that it might have fallen from the moon.

The main problem I see is that said newsletter doesn’t appear to have a purpose other than to tick a box which says “security awareness campaign.” If that’s the only goal then consider the box ticked but I doubt it’s of much use.