Develop a Security Awareness and Training Program That Empowers End Users
Turn end users into your organization’s secret security weapon.
- The fast evolution of the cybersecurity landscape requires security training and awareness programs that are frequently updated and improved.
- Security and awareness training programs often fail to engage end users. Lack of engagement can lead to low levels of knowledge retention.
- Irrelevant or outdated training content does not properly prepare your end users to effectively defend the organization against security threats.
Our Advice
Critical Insight
- One-time, annual training is no longer sufficient for creating an effective security awareness and training program.
- By presenting security as a personal and individualized issue, you can make this new personal focus a driver for your organizational security awareness and training program.
Impact and Result
- Create a training program that delivers smaller amounts of information on a more frequent basis to minimize effort, reduce end-user training fatigue, and improve content relevance.
- Evaluate and improve your security awareness and training program continuously to keep its content up-to-date. Leverage end-user feedback to ensure content remains relevant to those who receive it.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
9.3/10
Overall Impact
$12,159
Average $ Saved
13
Average Days Saved
Client
Experience
Impact
$ Saved
Days Saved
Advisors Excel, LLC
Guided Implementation
9/10
N/A
10
Great info and resources and team did a good job of assisting us with our initial roll out plan.
The President and Fellows of Harvard College, a Massachusetts nonprofit corporation, acting by and through Harvard Business School
Guided Implementation
9/10
N/A
N/A
Ian was great...he helped me think about some of the things we had as 'pie in the sky' targets and bring some examples of how we might realize them.
Pueblo Of Isleta
Guided Implementation
10/10
$12,999
20
Great to rely and speak with such knowledgeable advisor.
Kappa Delta Sorority
Guided Implementation
10/10
$3,779
29
The honest assessment of our current situation and allowing for the discussion to take place to get to decision-making.
iFIT
Guided Implementation
10/10
$10,000
10
Heartland Co-op
Guided Implementation
9/10
$2,519
2
Ipsen Pharma SAS
Guided Implementation
9/10
$31,499
5
Ian is clearly experienced and pragmatic in his approach to our topic. He offered real-world examples and practical steps we could take. This was... Read More
Ring Power Corporation
Guided Implementation
8/10
N/A
N/A
Just an intro call to the topic so not sure about the savings at this point.
Performance Trust Capital Partners
Guided Implementation
10/10
N/A
N/A
Ian had great ideas and overall was very helpful. 10/10 would definitely seek help from him again.
Federated Co-operatives Limited
Guided Implementation
10/10
$2,000
5
Public Safety Canada
Guided Implementation
9/10
$50,000
32
Gallagher
Guided Implementation
10/10
$2,479
5
This is a terrible way to measure this Guided Implementation! The templates given as part of the blueprint were decent starting points, but the ... Read More
STERIS Corporation
Guided Implementation
10/10
$2,479
5
Ian is very knowledgeable. He has solid input that he can back up with research and always puts me in the right direction.
Fleet Feet Sports
Guided Implementation
10/10
N/A
5
It was hard early on to explain the lack of IT in our organization, and how lack of budget and the general "ask your IT department" guidance in mos... Read More
The City of Spruce Grove
Guided Implementation
8/10
$3,000
10
Health Alliance
Guided Implementation
9/10
N/A
10
The material Ian was able to provide and the experience
City of Durham
Guided Implementation
9/10
N/A
N/A
Relevant insights on the topic were discussed. This will enable me deploy an efficient Cyber Security Awareness campaign that aligns with best prac... Read More
Selkirk College
Guided Implementation
9/10
$10,000
10
Ian's diverse knowledge helped me with my projects immensely. He always has great advise, is very patient and easy to understand. Ian provided me... Read More
STERIS Corporation
Guided Implementation
10/10
$16,379
90
Ian is great to work with. He understands the needs of the customer and works with them to manage an effective program. He knows how to explain the... Read More
Gopher Resource
Guided Implementation
10/10
$3,000
2
INTEGRA-CO INC
Guided Implementation
9/10
N/A
2
STERIS Corporation
Guided Implementation
10/10
$12,599
10
Ian does a phenomenal job understanding the needs of STERIS, how we are looking to grow our Security Awareness program, and developed tools and met... Read More
Auckland Transport
Guided Implementation
8/10
N/A
N/A
Ian gave great direction after understanding where we are placed with our current security awareness program.
Federated Co-operatives Limited
Guided Implementation
9/10
$7,000
5
Yamana Gold
Guided Implementation
10/10
$25,000
5
The Analysts on the calls were very good at understanding my needs and providing recommendations and tools specific for my situation. Difficul... Read More
Ottawa Police
Guided Implementation
10/10
$25,000
9
I found Ian's knowledge to be very comprehensive in the area of Security Awareness training. Ian had very good insight into the value of the compan... Read More
County of Nevada
Guided Implementation
9/10
N/A
1
Ian listened and provided helpful suggestions
Town Of Marana
Guided Implementation
10/10
$12,733
80
Ian was amazing! His knowledge on the subject-area allowed us to go with a product we otherwise would have never known about. I was able to demo ... Read More
Palm Beach State College
Guided Implementation
10/10
N/A
5
Ben was very helpful and knowledgeable about the subject matter of “Humanize the Security Awareness and Training Program.”
Capital Regional District
Guided Implementation
9/10
$7,000
7
Ian is very knowledgeable and was able to assist me by providing best practice solutions to some of the issues that I have run into when implementi... Read More
Workshop: Develop a Security Awareness and Training Program That Empowers End Users
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Outline the Plan for Long-term Program Improvement
The Purpose
- Identify the maturity level of the existing security awareness and training program and set development goals.
- Establish program milestones and outline key initiatives for program development.
- Identify metrics to measure program effectiveness.
Key Benefits Achieved
- Identified the gaps between the current maturity level of the security awareness and training program and future target states.
Activities
Outputs
Create a program development plan.
- Customized development plan for program.
Investigate and select metrics to measure program effectiveness.
- Tool for tracking metrics.
Execute some low-hanging fruit initiatives for collecting metrics: e.g. create a knowledge test, feedback survey, or gamification guide.
- Customized knowledge quiz ready for distribution.
- Customized feedback survey for training.
- Gamification program outline.
Module 2: Identify and Assess Audience Groups and Security Training Topics
The Purpose
- Determine the unique audience groups within your organization and evaluate their risks and vulnerabilities.
- Prioritize training topics and audience groups to effectively streamline program development.
Key Benefits Achieved
- Created a comprehensive list of unique audience groups and the corresponding security training that each group should receive.
- Determined priority ratings for both audience groups and the security topics to be delivered.
Activities
Outputs
Identify the unique audience groups within your organization and the threats they face.
- Risk profile for each identified audience group.
Determine the priority levels of the current security topics.
- Priority scores for all training topics.
Review audience groups and determine which topics need to be delivered to each group.
- List of relevant security topics for each identified audience group.
Module 3: Plan the Training Delivery
The Purpose
- Identify all feasible delivery channels for security training within your organization.
- Build a vendor evaluation tool and shortlist or harvest materials for in-house content creation.
Key Benefits Achieved
- List of all potential delivery mechanisms for security awareness and training.
- Built a vendor evaluation tool and discussed a vendor shortlist.
- Harvested a collection of free online materials for in-house training development.
Activities
Outputs
Discuss potential delivery mechanisms for training, including the purchase and use of a vendor.
- List of available delivery mechanisms for training.
If selecting a vendor, review vendor selection criteria and discuss potential vendor options.
- Vendor assessment tool and shortlist.
If creating content in-house, review and select available resources on the web.
- Customized security training presentations.
Module 4: Create a Training Schedule for Content Deployment
The Purpose
- Create a plan for deploying a pilot program to gather valuable feedback.
- Create an ongoing training schedule.
- Define the end users’ responsibilities towards security within the organization.
Key Benefits Achieved
- Created a plan to deploy a pilot program.
- Created a schedule for training deployment.
- Defined role of end users in helping protect the organization against security threats.
Activities
Outputs
Build training modules.
- Documented modular structure to training content.
Create an ongoing training schedule.
- Training schedule.
Define and document your end users’ responsibilities towards their security.
- Security job description template.
- End-user training policy.
About Info-Tech
Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.
We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.
What Is a Blueprint?
A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.
Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.
Need Extra Help?
Speak With An Analyst
Get the help you need in this 2-phase advisory process. You'll receive 4 touchpoints with our researchers, all included in your membership.
Guided Implementation 1: Develop your training program
- Call 1: Build a development plan for your training program.
- Call 2: Learn best practices for the execution of development initiatives.
Guided Implementation 2: Design an effective training delivery plan
- Call 1: Identify possible delivery methods.
- Call 2: Create a training schedule.
Contributors
- Sky Sharma, CIO
- Adrien de Beaupré, Certified Instructor and Penetration Tester, SANS Institute
- Robert Hawk, Information Security Expert, xMatters, Inc.
- Steven Woodward, CEO, Cloud Perspectives
- Riddhi Patel, Information Security Analyst, National Life Group
- Blair Panasiuk, Manager of IT Operations, Dynalife
- Erich Salie, Information Security Officer
- David Shipley, Director of Strategic Initiatives, University of New Brunswick
- Paul Daley, Sr. Analyst for Security Management, Risk and Audit, Toronto District School Board
- Glen Maxfield, IT Security Manager, Workers Compensation Board of Manitoba
Design and Implement a Business-Aligned Security Program
Build an Information Security Strategy
Secure Operations in High-Risk Jurisdictions
Develop a Security Awareness and Training Program That Empowers End Users
Build, Optimize, and Present a Risk-Based Security Budget
Hire or Develop a World-Class CISO
Fast Track Your GDPR Compliance Efforts
Build a Cloud Security Strategy
Identify the Components of Your Cloud Security Architecture
Security Priorities 2022
2020 Security Priorities Report
Manage Third-Party Service Security Outsourcing
Select a Security Outsourcing Partner
Improve Security Governance With a Security Steering Committee
The First 100 Days as CISO
Determine Your Zero Trust Readiness
Cost-Optimize Your Security Budget
Threat Preparedness Using MITRE ATT&CK®
Build a Zero Trust Roadmap
Security Priorities 2023
Security Priorities 2024