How to run a successful security awareness training
By Glib Pakharenko on Tue Aug 04 2020
It is no secret that user security awareness training is a challenging task. Here are some tips that can make your work easier. Consider these success factors to boost the effectiveness of your training activities.
Split the user base
You have at least 3 very different categories:
- Top management
- Technical specialists (internal IT staff)
- General user base.
The training program should be tailored to each user category.
Use practical cases/workshops
These work mostly for top management/CXO positions. Prepare several workshop scripts and final document templates in advance, so that the organization's management can focus on the core security activities. Consider the following topics for your workshops:
- Risk management
- Incident response
- Business continuity planning.
Study the company technology profile
For IT specialists, generic training might be a bit boring. Get familiar with the company's infrastructure and application technology stack. Provide additional hours of training in the areas of:
- Operations security
- Secure coding
- Security testing.
The more your training is tailored to the customer's architecture, the more value it will deliver.
Refresh knowledge of company policies
For the general user base, it is very important to know the company's internal and external regulations. Try to refer to the company's policies, standards and procedures in every topic that you deliver. Key areas to focus on are:
- Information security policy
- Acceptable use policy
- Data classification and handling.
Conduct the test
Nothing motivates a person like a challenge. Use formative testing. Craft your questions so that they remind users of the material. Give users the opportunity to go through the test several times to reach the required score. This way users will study and memorize the important details of the awareness topics.
Perform social engineering testing as well. We will write a separate post on how to do this kind of testing.
Involve professionals for the awareness training
Our team provides professional information security awareness training. Contact our sales team for sample programs and to discuss project details.