Comprehensive software reviews to make better IT decisions
Prebuilt, Layered Campaign Kits Make Security Awareness and Training a Low-Effort, High-Value Initiative
Infosec now offers campaign kits through its Infosec IQ product: prebuilt campaigns consisting of layered training materials and implementation recommendations. While many vendors are willing to provide guidance on how you should build and deliver your campaign, these kits from Infosec Institute already have that guidance built in. This means even less work for you, along with the knowledge that you are delivering the same training content that other organizations have successfully implemented.
As stated, these kits have layered training material. This means that content is available in multiple forms and all relate back to a central theme. The main content takes the form of short videos, either animated or live action. To support these videos, supplementary training in the form of posters, digital banners, email templates, phishing templates, education pages, and life-size banners are provided. All this content relates back to the main theme of the kit and seeks to reiterate some of the most important points from the main video series.
Infosec Institute provides layered security awareness campaigns. Source: Infosec Institute.
Currently Infosec has three kits available, but let’s look at one example in more detail: a kit called WORKed. This kit includes 12 videos as the main source of content, including a trailer that can be used to tease the content before launch. Each video follows live-action characters in an office setting, re-enacting instances where security is called into question. The videos are short (less than five minutes) and comedic, each video acting as a single episode in a series. Supplementary materials like those described previously are included. They depict certain characters and scenes from the videos to remind end users about the content they watched or to tease upcoming content.
Our Take
Building and delivering a security awareness and training program for the first time should be a low-hanging-fruit initiative: low effort, high reward. Even a small amount of training can greatly increase the security of an organization. However, some organizations simply do not have the time or experience to put together their own campaigns and remain confident that they will be successful. Maybe they should train more frequently, focus less on passwords, or complement every other module with posters, etc. This line of thought is a rabbit hole that can be avoided by using the prebuilt campaigns offered by vendors like Infosec Institute. All you must do is decide the dates when the training is to go out – the vendor takes care of the rest (e.g. providing already-selected content, updating the training, tracking participation). This leaves you to monitor at your leisure the metrics the vendor offers that measure the effectiveness of your program.
These prebuilt, layered campaigns are also valuable to those who already have a training program in place. Due to the short nature of the videos included in these prebuilt campaigns, they can be easily integrated into an existing program. This is especially effective if you are looking to increase the frequency of training, while exploring new training styles.