- The fast evolution of the cybersecurity landscape requires security training and awareness programs that are frequently updated and improved.
- Security and awareness training programs often fail to engage end users. Lack of engagement can lead to low levels of knowledge retention.
- Irrelevant or outdated training content does not properly prepare your end users to effectively defend the organization against security threats.
Our Advice
Critical Insight
- One-time, annual training is no longer sufficient for creating an effective security awareness and training program.
- By presenting security as a personal and individualized issue, you can make this new personal focus a driver for your organizational security awareness and training program.
Impact and Result
- Create a training program that delivers smaller amounts of information on a more frequent basis to minimize effort, reduce end-user training fatigue, and improve content relevance.
- Evaluate and improve your security awareness and training program continuously to keep its content up-to-date. Leverage end-user feedback to ensure content remains relevant to those who receive it.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
9.3/10
Overall Impact
$12,359
Average $ Saved
16
Average Days Saved
Client
Experience
Impact
$ Saved
Days Saved
Advisors Excel, LLC
Guided Implementation
9/10
N/A
10
The President and Fellows of Harvard College, a Massachusetts nonprofit corporation, acting by and through Harvard Business School
Guided Implementation
9/10
N/A
N/A
Pueblo Of Isleta
Guided Implementation
10/10
$12,599
20
Kappa Delta Sorority
Guided Implementation
10/10
$3,779
29
iFIT
Guided Implementation
10/10
$10,000
10
Heartland Co-op
Guided Implementation
9/10
$2,519
2
Ipsen Pharma SAS
Guided Implementation
9/10
$31,499
5
Ring Power Corporation
Guided Implementation
8/10
N/A
N/A
Performance Trust Capital Partners
Guided Implementation
10/10
N/A
N/A
Federated Co-operatives Limited
Guided Implementation
10/10
$2,000
5
Public Safety Canada
Guided Implementation
9/10
$50,000
32
Gallagher
Guided Implementation
10/10
$2,479
5
STERIS Corporation
Guided Implementation
10/10
$2,479
5
Fleet Feet Sports
Guided Implementation
10/10
N/A
5
The City of Spruce Grove
Guided Implementation
8/10
$3,000
10
Health Alliance
Guided Implementation
9/10
N/A
10
City Of Durham
Guided Implementation
9/10
N/A
N/A
Selkirk College
Guided Implementation
9/10
$10,000
10
STERIS Corporation
Guided Implementation
10/10
$16,379
90
Gopher Resource
Guided Implementation
10/10
$3,000
2
INTEGRA-CO INC
Guided Implementation
9/10
N/A
2
STERIS Corporation
Guided Implementation
10/10
$12,599
10
Auckland Transport
Guided Implementation
8/10
N/A
N/A
Federated Co-operatives Limited
Guided Implementation
9/10
$7,000
5
Yamana Gold
Guided Implementation
10/10
$25,000
5
Ottawa Police
Guided Implementation
10/10
$25,000
9
County of Nevada
Guided Implementation
9/10
N/A
1
Town Of Marana
Guided Implementation
10/10
$12,733
80
Palm Beach State College
Guided Implementation
10/10
N/A
5
Capital Regional District
Guided Implementation
9/10
$7,000
7
Workshop: Develop a Security Awareness and Training Program That Empowers End Users
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Outline the Plan for Long-term Program Improvement
The Purpose
- Identify the maturity level of the existing security awareness and training program and set development goals.
- Establish program milestones and outline key initiatives for program development.
- Identify metrics to measure program effectiveness.
Key Benefits Achieved
- Identified the gaps between the current maturity level of the security awareness and training program and future target states.
Activities
Outputs
Create a program development plan.
- Customized development plan for program.
Investigate and select metrics to measure program effectiveness.
- Tool for tracking metrics.
Execute some low-hanging fruit initiatives for collecting metrics: e.g. create a knowledge test, feedback survey, or gamification guide.
- Customized knowledge quiz ready for distribution.
- Customized feedback survey for training.
- Gamification program outline.
Module 2: Identify and Assess Audience Groups and Security Training Topics
The Purpose
- Determine the unique audience groups within your organization and evaluate their risks and vulnerabilities.
- Prioritize training topics and audience groups to effectively streamline program development.
Key Benefits Achieved
- Created a comprehensive list of unique audience groups and the corresponding security training that each group should receive.
- Determined priority ratings for both audience groups and the security topics to be delivered.
Activities
Outputs
Identify the unique audience groups within your organization and the threats they face.
- Risk profile for each identified audience group.
Determine the priority levels of the current security topics.
- Priority scores for all training topics.
Review audience groups and determine which topics need to be delivered to each group.
- List of relevant security topics for each identified audience group.
Module 3: Plan the Training Delivery
The Purpose
- Identify all feasible delivery channels for security training within your organization.
- Build a vendor evaluation tool and shortlist or harvest materials for in-house content creation.
Key Benefits Achieved
- List of all potential delivery mechanisms for security awareness and training.
- Built a vendor evaluation tool and discussed a vendor shortlist.
- Harvested a collection of free online materials for in-house training development.
Activities
Outputs
Discuss potential delivery mechanisms for training, including the purchase and use of a vendor.
- List of available delivery mechanisms for training.
If selecting a vendor, review vendor selection criteria and discuss potential vendor options.
- Vendor assessment tool and shortlist.
If creating content in-house, review and select available resources on the web.
- Customized security training presentations.
Module 4: Create a Training Schedule for Content Deployment
The Purpose
- Create a plan for deploying a pilot program to gather valuable feedback.
- Create an ongoing training schedule.
- Define the end users’ responsibilities towards security within the organization.
Key Benefits Achieved
- Created a plan to deploy a pilot program.
- Created a schedule for training deployment.
- Defined role of end users in helping protect the organization against security threats.
Activities
Outputs
Build training modules.
- Documented modular structure to training content.
Create an ongoing training schedule.
- Training schedule.
Define and document your end users’ responsibilities towards their security.
- Security job description template.
- End-user training policy.