Comprehensive Software Reviews to make better IT decisions
Prebuilt, Layered Campaign Kits Make Security Awareness and Training a Low-Effort, High-Value Initiative
Infosec now offers campaign kits through its Infosec IQ product: prebuilt campaigns consisting of layered training materials and implementation recommendations. While many vendors are willing to provide guidance on how you should build and deliver your campaign, these kits from Infosec Institute already have that guidance built in. This means even less work for you, along with the knowledge that you are delivering the same training content that other organizations have successfully implemented.
As stated, these kits have layered training material. This means that content is available in multiple forms and all relate back to a central theme. The main content takes the form of short videos, either animated or live action. To support these videos, supplementary training in the form of posters, digital banners, email templates, phishing templates, education pages, and life-size banners are provided. All this content relates back to the main theme of the kit and seeks to reiterate some of the most important points from the main video series.
Infosec Institute provides layered security awareness campaigns. Source: Infosec Institute.
Currently Infosec has three kits available, but let’s look at one example in more detail: a kit called WORKed. This kit includes 12 videos as the main source of content, including a trailer that can be used to tease the content before launch. Each video follows live-action characters in an office setting, re-enacting instances where security is called into question. The videos are short (less than five minutes) and comedic, each video acting as a single episode in a series. Supplementary materials like those described previously are included. They depict certain characters and scenes from the videos to remind end users about the content they watched or to tease upcoming content.
Building and delivering a security awareness and training program for the first time should be a low-hanging-fruit initiative: low effort, high reward. Even a small amount of training can greatly increase the security of an organization. However, some organizations simply do not have the time or experience to put together their own campaigns and remain confident that they will be successful. Maybe they should train more frequently, focus less on passwords, or complement every other module with posters, etc. This line of thought is a rabbit hole that can be avoided by using the prebuilt campaigns offered by vendors like Infosec Institute. All you must do is decide the dates when the training is to go out – the vendor takes care of the rest (e.g. providing already-selected content, updating the training, tracking participation). This leaves you to monitor at your leisure the metrics the vendor offers that measure the effectiveness of your program.
These prebuilt, layered campaigns are also valuable to those who already have a training program in place. Due to the short nature of the videos included in these prebuilt campaigns, they can be easily integrated into an existing program. This is especially effective if you are looking to increase the frequency of training, while exploring new training styles.
Want to Know More?
Cisco is beginning to lose patience with its Zoom interoperability after another Zoom security risk: access for the Zoom Connector for Cisco hosted on zoom.us did not require authentication, allowing external users to join a Zoom meeting without password credentials.
On October 30, 2019, KnowBe4, a leader in the end-user security training space, was awarded Federal Risk and Authorization Management Program (FedRAMP) approval from the US federal government.
National Cyber Security Alliance Names Habitu8 As Their Official Security Awareness Video Training Partner
For 2019’s National Cybersecurity Awareness Month (NCSAM), the National Cyber Security Alliance (NCSA) has named the security awareness and training vendor Habitu8 its official partner.
Security awareness and training vendor KnowBe4 has added a machine learning module called PhishML to its existing SOAR platform, PhishER.
Trend Micro Partners With NINJIO, InfoSec, GoldPhish, and NextTech Security to Offer Free Training Content
Trend Micro has added training content to its free Phish Insight tool, originally a simple, cloud-based phishing platform. The new training content comes from partnerships with NINJIO, InfoSec, GoldPhish, and NextTech Security.
Avaya’s newly released firmware addresses a vulnerability that has survived for 10 years in VoIP phone models configured with H.323 signaling.
A hacker has compromised 106 million Capital One customers after a data breach. But the real story might be less to do with cloud security itself and more to do with Capital One’s own security engine for cloud services.
Apple has delivered a silent update to Macs, rectifying a security flaw in its Zoom web-conferencing service.
To Combat the Reactive Culture Surrounding New Data Privacy Laws, MediaPRO Releases Training on the CCPA
MediaPRO has taken the lead in the market on offering training around the impending California Consumer Privacy Act (CCPA), a data privacy law set to go into effect on January 1, 2020.