Develop a Security Awareness and Training Program That Empowers End Users

Turn end users into your organization’s secret security weapon.

RETIRED CONTENT

Please note that the content on this page is retired. This content is not maintained and may contain information or links that are out of date.

Implementing a security awareness and training program without focusing on your end users leads to:

  • Training material not being absorbed due to training fatigue.
  • A negative attitude towards security born from irrelevant content.
  • An increased risk of social engineering attacks being successful.

Making your security awareness and training program human-centric leads to:

  • An increased knowledge level in security across all trained end users.
  • End users being an active defense against social engineering attacks.
  • The development of a strong security culture within the organization.

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Module 1: Outline the Plan for Long-term Program Improvement

The Purpose

  • Identify the maturity level of the existing security awareness and training program and set development goals.
  • Establish program milestones and outline key initiatives for program development.
  • Identify metrics to measure program effectiveness.

Key Benefits Achieved

  • Identified the gaps between the current maturity level of the security awareness and training program and future target states.

Activities: Outputs:
1.1 Create a program development plan.
  • Customized development plan for program.
1.2 Investigate and select metrics to measure program effectiveness.
  • Tool for tracking metrics.
1.3 Execute some low-hanging fruit initiatives for collecting metrics: e.g. create a knowledge test, feedback survey, or gamification guide.
  • Customized knowledge quiz ready for distribution.
  • Customized feedback survey for training.
  • Gamification program outline.

Module 2: Identify and Assess Audience Groups and Security Training Topics

The Purpose

  • Determine the unique audience groups within your organization and evaluate their risks and vulnerabilities.
  • Prioritize training topics and audience groups to effectively streamline program development.

Key Benefits Achieved

  • Created a comprehensive list of unique audience groups and the corresponding security training that each group should receive.
  • Determined priority ratings for both audience groups and the security topics to be delivered.

Activities: Outputs:
2.1 Identify the unique audience groups within your organization and the threats they face.
  • Risk profile for each identified audience group.
2.2 Determine the priority levels of the current security topics.
  • Priority scores for all training topics.
2.3 Review audience groups and determine which topics need to be delivered to each group.
  • List of relevant security topics for each identified audience group.

Module 3: Plan the Training Delivery

The Purpose

  • Identify all feasible delivery channels for security training within your organization.
  • Build a vendor evaluation tool and shortlist or harvest materials for in-house content creation.

Key Benefits Achieved

  • List of all potential delivery mechanisms for security awareness and training.
  • Built a vendor evaluation tool and discussed a vendor shortlist.
  • Harvested a collection of free online materials for in-house training development.

Activities: Outputs:
3.1 Discuss potential delivery mechanisms for training, including the purchase and use of a vendor.
  • List of available delivery mechanisms for training.
3.2 If selecting a vendor, review vendor selection criteria and discuss potential vendor options.
  • Vendor assessment tool and shortlist.
3.3 If creating content in-house, review and select available resources on the web.
  • Customized security training presentations.

Module 4: Create a Training Schedule for Content Deployment

The Purpose

  • Create a plan for deploying a pilot program to gather valuable feedback.
  • Create an ongoing training schedule.
  • Define the end users’ responsibilities towards security within the organization.

Key Benefits Achieved

  • Created a plan to deploy a pilot program.
  • Created a schedule for training deployment.
  • Defined role of end users in helping protect the organization against security threats.

Activities: Outputs:
4.1 Build training modules.
  • Documented modular structure to training content.
4.2 Create an ongoing training schedule.
  • Training schedule.
4.3 Define and document your end users’ responsibilities towards their security.
  • Security job description template.
  • End-user training policy.

Book this workshop now to accelerate your IT projects

Visit our Exponential IT Research Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019
© Info-Tech Research Group | Terms of Use | Privacy Policy