Our Blog
New 2011 edition now available – June 2011 We are glad to inform you of the new features and additions our clients benefit from. We are confident you will enjoy them too! • New 2011 edition (Version 9) for users - Available July 2011 Choice of design: animations or photos.To make a link between your awareness tools and increase the reach of your campaign, photos of the course correspond to photos of posters and newsletters • We also added three new online...
Problem:
One of the recurrent questions asked is: How to ramp-up an information security campaign? Sometimes, getting the participation of people just feels like a walk in the desert… Where is everybody!?
The question is complex as there are many factors to consider: If the course is not mandatory or if the high management is not involved, if, if, if… Instead of getting to the root of the problem, let’s talk about a proven ‘’quick fix’’: Efficient follow-ups.
Solution:
All the people who...
One of the very first questions my clients often ask me is: How do I train manual workers with no experience of an e-learning environment or with no computer? I tell them: How about an online training in a classroom environment with a facilitator?
We all have an idea of the benefits of online training versus in class training. Just to name a few:
• The just-in-time access
• The reduced travelling costs
• The increased of consistency
• The general overall reduced cost per...
Terranova Training in partnership with Scotiabank Wins Bronze Brandon Hall Learning Technology Award
Montreal, May 2011 - Terranova Training, a leader in innovative learning, has won a coveted Brandon Hall bronze award for technology excellence in the Best Advance in Learning Management Technology for Compliance Training category.
The course Information Security and Privacy – It’s Everybody’s Business, was submitted by both, Terranova Training and its client, Scotiabank.
The course was launched on July 19, 2010, in two languages, English and French, to almost 40,000 Scotiabank employees in...
Awareness Is Not Training
4 Steps to Behavior Change
Turn your weakest link into your first line of defense
Most security risks are driven in practice by the lack of a well-defined and managed information security (IS) culture, with errors and breaches frequently caused by human error and a failure to follow procedure. Most analysts and information security officers agree that humans are the weakest links of any information security framework.
With adequate behavior change, you can turn your...
I believe all security awareness trainers understand that most end users can’t really be “trained” in how to protect their systems and their corporate networks. However, if all systems are security protected and configured, security awareness training can assist in helping end users understand the security risks and know what mistakes to avoid making.
PCI DSS is primarily focused on technological solutions and most organizations have implemented anti-virus, firewalls, IPS, monitoring and...
Arguably, the most important part of your business case is being able to clearly communicate the costs and benefits of a program. Below is a suggestion for this final part of your business case.
Cost Benefit Analysis
Costs:
To fulfill the required mandate for a security awareness training program, we will need to allocate resources and purchase materials for this purpose. To ensure the program’s success on a long-term basis, we are requesting that a Security Awareness Training Manager be...
This blog entry provides you with a possibility for Section 5 of your business case in which you should discuss how the program will be managed and measured.
Security Awareness Program Management
An information security awareness steering committee will govern the program and will be ultimately responsible for ensuring the program’s success. Yearly, the business case will be reviewed and updates made by the committee. The committee will be responsible for appointing the manager of the...
Further building of the business case should include a review of how you will deliver the awareness program. This blog could be included as Section 4 of your business case.
Delivery Methods
The method of delivery will be dependant upon the overall goals and expectations of the program. Delivering content monthly would be ideal. However, more realistically, content will be delivered on a quarterly basis. An approach that combines communication of the upcoming training topic (via posters,...
As a follow up, to the last post, we are now working on Section 3 of the business case. In this section we review and detail the awareness program content. Here is the suggested sample content for this section:
Awareness Program Content
A robust content list fed to the end user on a monthly or quarterly basis will avoid information overload and will allow flexibility in the program so immediate response to current information security risks can be dealt with. A monthly or quarterly...
- 1 of 7
- ››
