RETIRED CONTENTPlease note that the content on this page is retired. This content is not maintained and may contain information or links that are out of date.
IT security training is necessary in all organizations, regardless of size, industry, or complexity. Every organization faces IT security risks; it is the degree of training required for the organization's end users that varies. Evaluating the organization and its end users is a key step in determining what training the organization requires. This storyboard will help you achieve a better understanding of end users and their IT security training needs, an outline of the organization's IT security training goals, IT security topics to cover and the delivery method(s) to use, and end-user testing best practices.
IT security training should be kept simple; the least sophisticated end users in the organization must understand and relate to the instruction. Info-Tech studies show that informal and computer-based training are the most successful at improving end-user security performance. Consider building these methods into your training program. The blueprint includes four phases to help you determine appropriateness, identify content, determine how to execute the plan, and implement the program. Each phase is also available for individual download.
- Phase 1: Determine the Appropriateness
- Phase 2: Identify the Content
- Phase 3: Determine How to Execute the Plan
- Phase 4: Implement the Program