How to run a successful security awareness training
By Glib Paharenko on Tue Aug 04 2020
It is no secret that user security awareness training is a hard and challenging task. We will share with you some tips that facilitate your work. Consider these success factors to boost the effectiveness of your study activities.
Split the user base
You have at least 3 very different categories:
- TOP management
- Technical specialists (internal IT staff)
- Generic user base
The training program should be tailored to every user category.
Use practical cases/workshops
Practical cases and workshops mostly work for TOP/CXO positions. Prepare several workshop scripts and final document templates in advance, so that the organization's management can focus on the core security activities. Consider the following topics for your workshops:
- Risk management
- Incident response
- Business continuity planning
Study the company technology profile
For IT specialists, the generic training might be a bit boring. Get familiar with the company's infrastructure and application technology stack. Provide additional hours of training in the areas of:
- Operations security
- Secure coding
- Security testing
The more your training is tailored to the customer's architecture, the more value you will give to the customer.
Refresh knowledge of the company policies
For the generic user base, it is very important to know the company's internal and external regulations. Try to refer to the company policies, standards and procedures in every topic that you're delivering. Key areas to focus on are:
- Information security policy
- Acceptable use policy
- Data classification and handling
Conduct the test
Nothing motivates a person like a challenge. Use formative testing. Craft your questions in such a way that they remind users of the material. Give users the opportunity to go through the test several times to get the required score. This way users will study and memorize the important details of the awareness topics.
Perform social engineering testing as well. We will write a separate post on how to do this kind of testing.
Involve professionals for the awareness training
Our team provides professional information security awareness training. Contact our sales team for sample programs and to discuss project details.