Develop a Security Awareness and Training Program That Empowers End Users
Turn end users into your organization’s secret security weapon.
Implementing a security awareness and training program without focusing on your end users leads to:
- Training material not being absorbed due to training fatigue.
- A negative attitude towards security born from irrelevant content.
- An increased risk of social engineering attacks being successful.
Making your security awareness and training program human-centric leads to:
- An increased knowledge level in security across all trained end users.
- End users being an active defense against social engineering attacks.
- The development of a strong security culture within the organization.
Book Your Workshop
Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
Module 1: Outline the Plan for Long-term Program Improvement
The Purpose
- Identify the maturity level of the existing security awareness and training program and set development goals.
- Establish program milestones and outline key initiatives for program development.
- Identify metrics to measure program effectiveness.
Key Benefits Achieved
- Identified the gaps between the current maturity level of the security awareness and training program and future target states.
Activities: | Outputs: |
---|---|
1.1 Create a program development plan. | |
1.2 Investigate and select metrics to measure program effectiveness. | |
1.3 Execute some low-hanging fruit initiatives for collecting metrics: e.g. create a knowledge test, feedback survey, or gamification guide. | |
Module 2: Identify and Assess Audience Groups and Security Training Topics
The Purpose
- Determine the unique audience groups within your organization and evaluate their risks and vulnerabilities.
- Prioritize training topics and audience groups to effectively streamline program development.
Key Benefits Achieved
- Created a comprehensive list of unique audience groups and the corresponding security training that each group should receive.
- Determined priority ratings for both audience groups and the security topics to be delivered.
Activities: | Outputs: |
---|---|
2.1 Identify the unique audience groups within your organization and the threats they face. | |
2.2 Determine the priority levels of the current security topics. | |
2.3 Review audience groups and determine which topics need to be delivered to each group. | |
Module 3: Plan the Training Delivery
The Purpose
- Identify all feasible delivery channels for security training within your organization.
- Build a vendor evaluation tool and shortlist or harvest materials for in-house content creation.
Key Benefits Achieved
- List of all potential delivery mechanisms for security awareness and training.
- Built a vendor evaluation tool and discussed a vendor shortlist.
- Harvested a collection of free online materials for in-house training development.
Activities: | Outputs: |
---|---|
3.1 Discuss potential delivery mechanisms for training, including the purchase and use of a vendor. | |
3.2 If selecting a vendor, review vendor selection criteria and discuss potential vendor options. | |
3.3 If creating content in-house, review and select available resources on the web. | |
Module 4: Create a Training Schedule for Content Deployment
The Purpose
- Create a plan for deploying a pilot program to gather valuable feedback.
- Create an ongoing training schedule.
- Define the end users’ responsibilities towards security within the organization.
Key Benefits Achieved
- Created a plan to deploy a pilot program.
- Created a schedule for training deployment.
- Defined the role of end users in helping protect the organization against security threats.
Activities: | Outputs: |
---|---|
4.1 Build training modules. | |
4.2 Create an ongoing training schedule. | |
4.3 Define and document your end users’ responsibilities towards their security. | |