Public and private institutions have invested in IT to increase their information security. Along with investments, the human factor is dominant. In that sense, countries have also implemented their own Computer Security Incident Response Teams (CSIRTs), whose main objective is to minimize and control the damage in case of a security breach. In the case of the Chilean government, with its CSIRT, they propose new guidelines for IT standards related to cybersecurity in the country’s gaming casinos. This incorporation includes creating internal policies, procedures, protocols, and procurement. The objective of this article is to design a model for creating a cybersecurity awareness and education campaign based on the recommendations of the National Institute of Standards and Technology (NIST) and ISO 27001. The methodology consists of the evaluation of these alternatives and the declaration of 5 preliminary stages. On this occasion, we evaluated the first of them, evaluating all the internal workers of the company to form the subsequent initiatives. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.