Humanize the Security Awareness and Training Program

If it’s not human-centric, you’re not training your humans.

Unlock

This content requires an active subscription.

Access this content by logging in with your Info-Tech Research Group membership or contacting one of our representatives for assistance.

Speak With A Representative Sign In
or Call: 1-888-670-8889 (US) or 1-844-618-3192 (CAN)

Your Challenge

  • The fast evolution of the cybersecurity landscape requires security training and awareness programs that are frequently updated and improved.
  • Security and awareness training programs often fail to engage end users. Lack of engagement can lead to low levels of knowledge retention.
  • Irrelevant or outdated training content does not properly prepare your end users to effectively defend the organization against security threats.

Our Advice

Critical Insight

  • Your security training is not creating education, it’s creating information fatigue and, therefore, not getting absorbed.
  • By presenting security as a personal and individualized issue, you can make this new personal focus a driver for your organizational security awareness and training program.

Impact and Result

  • Create a training program that delivers smaller portions of information on a more frequent basis to minimize effort, reduce end-user training fatigue, and improve content relevance.
  • Evaluate and improve your security awareness and training program continuously to keep its content up to date. Leverage end-user feedback to ensure content remains relevant to those who receive it.

Humanize the Security Awareness and Training Program

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should humanize your security awareness and training program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.


3

Build a reporting system and continuously update the training program

Discover the most effective methods for improving a training program after each iteration.

Onsite Workshop

Book Your Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Assess the Maturity Level of the Current Security Culture

The Purpose

  • Identify the maturity level of the existing security awareness and training program and set future target states.
  • Determine the unique audience groups within your organization and evaluate their risks and vulnerabilities.
  • Prioritize training topics and audience groups to effectively streamline program development.

Key Benefits Achieved

  • Identified the gaps between the current maturity level of the security awareness and training program and future target states.
  • Created a comprehensive list of unique audience groups and the corresponding security training that each group should receive.
  • Determined priority ratings for both audience groups and the security topics to be delivered.

Activities:
Outputs

1.1

Select your executive champion.

  • Executive champion support

1.2

Evaluate your end users’ current knowledge.

  • Knowledge of end users’ current knowledge level

1.3

Assess the maturity of your current awareness and training program.

  • Maturity score of current training program

1.4

Identify your user groups and their corresponding topics.

  • Chart of audience groups and the security topics that each needs to receive

1.5

Analyze your organization’s current IT environment and set a target state.

  • List of risks and vulnerabilities for each audience group

1.6

Set a minimum security awareness level and prioritize your topics.

  • List of prioritized training topics

Module 2: Plan the Training Delivery

The Purpose

  • Identify all feasible delivery channels for security training within your organization.
  • Establish program milestones and outline key initiatives for program development.
  • Create an ongoing training schedule.

Key Benefits Achieved

  • Outlined a detailed plan for program development, including a timeline for planned initiatives and initiative ownership assignment.
  • Created a schedule for training deployment.

Activities:
Outputs

2.1

Refine your approach to training.

2.2

Identify available delivery methods.

  • A list of delivery methods to use for training deployment

2.3

Build an implementation timeline and training schedule.

  • A schedule for completing program initiatives and a schedule for delivering training sessions to the organization

2.4

Create customized training materials.

  • Customized training materials

Module 3: Outline the Plan for Long-Term Program Improvement

The Purpose

  • Define the end users’ responsibilities towards security within the organization.
  • Document results gathered from previous workshop modules.
  • Create a plan for deploying a pilot program to gather valuable feedback.

Key Benefits Achieved

  • Defined role of end users in helping protect the organization against security threats.
  • Finalized security awareness and training program manuals.
  • Created a plan to deploy a pilot program.

Activities:
Outputs

3.1

Create accountability for your end users.

  • A customized definition of end-user responsibility towards security within your organization

3.2

Document and evaluate your training program.

  • A training manual containing all information regarding your training program

3.3

Design a pilot program.

  • A plan for deploying a pilot program capable of harvesting valuable feedback for improving your program