security awareness training
Many of our clients need to prepare a business case for security awareness training to present to management. So, we thought it might be helpful if we provide some of the content that you can use for this purpose. A section of the business case will be provided per week. For this entry, we will start with what a typical table of contents would look like for this exercise and I will also provide some sample content for the executive summary section.
A typical business case table of contents...
In many cases, security awareness programs fail because they are not tied to the overall company-wide security policies. In some cases, security policies, and therefore security awareness training, are not given the proper attention and buy-in required by key stakeholders within the company.
According to www.windowssecurity.com, “The Security Awareness Program can be defined as one of THE key factors for the successful implementation of a company-wide security policy.” Clearly, the goals for any...
I was reading Seth Godin’s blog entry today http://sethgodin.typepad.com/ (yes…he is a marketing guru and no, he is neither an education psychologist nor does he have a PhD in Education, at least as far as I know). Seth is a best-selling author, entrepreneur and agent of change. So what does this have to do with Security Awareness training or any training for that matter? For any corporate training to be adopted by an entire organization you need to understand how to market it effectively.
A...
A recent article in Forbes on Women Gaming made some interesting links to not only gender-based learning but also how we learn and develop skills as individuals. http://www.forbes.com/2010/03/25/women-gaming-video-forbes-woman-time-online.html
The concept of gaming is becoming more accepted in business where it functions as a superb training and operations tool. Videogames are now being used for collaboration and brainstorming as well as performance evaluation. Games-based learning is proving...
Consistent updates will assist you in managing change throughout the yearly life cycle of your security awareness program. It is imperative that you update your program to ensure that training/awareness/education deployments do not become stagnant and therefore irrelevant to real emerging issues faced by the organization. A planned and consistent update program will also allow you to address changes in security policy, directives and procedures driven from new threats, technologies or...
The Computer Security Institute (CSI) released the 14th edition of its annual CSI Computer Crime and Security Survey in December 2009. Insight was gathered from 443 US-based respondents across both public and private sectors.
While respondents indicated they were not extremely happy about any of the technologies being currently used, they did feel that there is still a lack of a comprehensive solution for monitoring and measuring what is going on.
Respondents also expressed even greater...
No matter how effective or strong the information security program may be, it is only as effective as the most malicious or incompetent employee. There are numerous examples of businesses that have spent hundreds of thousands incorporating leading-edge technology, procedures, monitoring systems, policies and comprehensive training programs, only to have one employee do something that compromised the systems, the data or some business process. While we cannot discount governance and technology, the...
Maximizing what little security budget is left isn't easy but it is possible. Despite the recession, businesses are still investing in security. But, what if your company isn't? There are ways to maximize the security budget you do have and actually increase your security posture. A simple approach can be extremely effective. Here are some recommendations:
1. Review existing security tools and augment with open source
Supplementing your existing IT Security infrastructure can be done via a...
I have talked quite a bit in this blog about successful awareness training program factors, yet, I keep hearing stories from clients and friends about awareness training programs that are just not able to deliver.
The success of a security awareness program really depends upon the delivery of the information and how it is tailored for each audience. Security awareness training should be delivered to end users in each department as well as incorporated into new employee orientation. This can be...
