How to run a successful security awareness training

By Glib Paharenko on Tue Aug 04 2020

It is no secret that user security awareness training is a hard and challenging task. We will share some tips with you to make the work easier. Consider these success factors to boost the effectiveness of your training activities.

Split the user base

You have at least 3 very different categories of users:

  • Top management
  • Technical specialists (internal IT staff)
  • Generic user base

The training program should be tailored to every user category.

Use practical cases/workshops

These mostly work for top management/CXO positions. Prepare several workshop scripts and final document templates in advance, so that the organization's management can focus on the core security activities. Consider the following topics for your workshops:

  • Risk management
  • Incident response
  • Business continuity planning

Study the company technology profile

For IT specialists, generic training might be a bit boring. Get familiar with the company's infrastructure and application technology stack. Provide additional hours of training in the areas of:

  • Operations security
  • Secure coding
  • Security testing

The more your training is tailored to the customer's architecture, the more value you will deliver to the customer.

Refresh the company policies knowledge

For the generic user base, it is very important to know the company's internal and external regulations. Try to refer to the company's policies, standards and procedures in every topic that you deliver. Key areas to focus on are:

  • Information security policy
  • Acceptable use policy
  • Data classification and handling

Conduct the test

Nothing motivates a person like a challenge. Use formative testing. Craft your questions so that they remind users of the material. Give users the opportunity to go through the test several times to reach the required score. That way, users will study and memorize the important details of the awareness topics.

Perform social engineering testing as well. We will write a separate post on how to do this kind of testing.

Involve professionals for the awareness training

Our team provides professional information security awareness training. Contact our sales team for sample programs and to discuss project details.
