Develop a Security Awareness and Training Program That Empowers End Users

Turn end users into your organization’s secret security weapon.

Onsite Workshop

Implementing a security awareness and training program without focusing on your end users leads to:

  • Training material not being absorbed due to training fatigue.
  • A negative attitude towards security born from irrelevant content.
  • An increased risk of social engineering attacks being successful.

Making your security awareness and training program human-centric leads to:

  • An increased knowledge level in security across all trained end users.
  • End users being an active defense against social engineering attacks.
  • The development of a strong security culture within the organization.

Module 1: Outline the Plan for Long-term Program Improvement

The Purpose

  • Identify the maturity level of the existing security awareness and training program and set development goals.
  • Establish program milestones and outline key initiatives for program development.
  • Identify metrics to measure program effectiveness.

Key Benefits Achieved

  • Identified the gaps between the current maturity level of the security awareness and training program and future target states.

Activities: Outputs:
1.1 Create a program development plan.
  • Customized development plan for program.
1.2 Investigate and select metrics to measure program effectiveness.
  • Tool for tracking metrics.
1.3 Execute some low-hanging fruit initiatives for collecting metrics: e.g. create a knowledge test, feedback survey, or gamification guide.
  • Customized knowledge quiz ready for distribution.
  • Customized feedback survey for training.
  • Gamification program outline.

Module 2: Identify and Assess Audience Groups and Security Training Topics

The Purpose

  • Determine the unique audience groups within your organization and evaluate their risks and vulnerabilities.
  • Prioritize training topics and audience groups to effectively streamline program development.

Key Benefits Achieved

  • Created a comprehensive list of unique audience groups and the corresponding security training that each group should receive.
  • Determined priority ratings for both audience groups and the security topics to be delivered.

Activities: Outputs:
2.1 Identify the unique audience groups within your organization and the threats they face.
  • Risk profile for each identified audience group.
2.2 Determine the priority levels of the current security topics.
  • Priority scores for all training topics.
2.3 Review audience groups and determine which topics need to be delivered to each group.
  • List of relevant security topics for each identified audience group.

Module 3: Plan the Training Delivery

The Purpose

  • Identify all feasible delivery channels for security training within your organization.
  • Build a vendor evaluation tool and shortlist or harvest materials for in-house content creation.

Key Benefits Achieved

  • List of all potential delivery mechanisms for security awareness and training.
  • Built a vendor evaluation tool and discussed a vendor shortlist.
  • Harvested a collection of free online materials for in-house training development.

Activities: Outputs:
3.1 Discuss potential delivery mechanisms for training, including the purchase and use of a vendor.
  • List of available delivery mechanisms for training.
3.2 If selecting a vendor, review vendor selection criteria and discuss potential vendor options.
  • Vendor assessment tool and shortlist.
3.3 If creating content in-house, review and select available resources on the web.
  • Customized security training presentations.

Module 4: Create a Training Schedule for Content Deployment

The Purpose

  • Create a plan for deploying a pilot program to gather valuable feedback.
  • Create an ongoing training schedule.
  • Define the end users’ responsibilities towards security within the organization.

Key Benefits Achieved

  • Created a plan to deploy a pilot program.
  • Created a schedule for training deployment.
  • Defined role of end users in helping protect the organization against security threats.

Activities: Outputs:
4.1 Build training modules.
  • Documented modular structure to training content.
4.2 Create an ongoing training schedule.
  • Training schedule.
4.3 Define and document your end users’ responsibilities towards their security.
  • Security job description template.
  • End-user training policy.

Workshop icon Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Book a Workshop View Blueprint
GET HELP Contact Us
×
VL Methodology