Eliminate the boring

When you get it wrong, the signs are painfully clear, but the reasons may not always be obvious.  Making that all-important connection with your learners does not happen by accident. When you are putting together a security awareness training solution you need to make it not only interesting but RELEVANT.

If the learner already has knowledge of security topics and issues, why do they need additional training on the areas they already understand?  The mistake often made is that content is developed on the assumption that the learner knows very little and therefore needs to drink from the proverbial "fire hose".  This does not have to be the case.  A well-thought-out quiz, delivered before the content or training is developed or delivered, can eliminate repetitive, boring content that the learner has already adopted.  A quiz can act as a baseline, identifying gaps in the overall knowledge of the learners.  Focus can then be spent either on developing content in the areas of weakness or on looking for supplemental online content or reinforcement tools to address the gap.  The quiz can then be run again after the training to determine whether or not the learning content was absorbed.

Measuring Security Awareness Training on a budget

Rolling out a large Information Security Awareness Training Program can be an incredibly daunting task, especially if you have to ensure that your efforts are measurable in order to meet industry standards or adhere to legislation.

Let’s face it, you can’t measure the number of times employees look at the security awareness posters you just put up in the coffee room or in the elevator. And how the heck do you measure the impact of a banner on the company intranet? Did it really change the outcomes and behaviors of the employees?

And what about that 1.5 hour live training session? Did anyone actually listen, and has anyone implemented the recommendations?

If your budget has been cut and you can’t afford an online training component with a back-end LMS to track and provide reporting functions, then start small and try the following techniques:

1.    After your live training sessions, walk around and measure the impact by talking to employees and asking questions.

2.    At lunch, do “walk-bys”.  Check to see if employees are leaving their desks without adhering to the “clean desk” policy, or have left their laptops unlocked, etc.  If so, create some friendly reminder cards to place on their desks as reinforcement.

3.    Pick one month a year and run a “security awareness month”: combine short videos with games and posters that supplement your regular yearly ongoing training programs.

4.    Provide incentives (if possible – even an apple, chocolate bar, etc.) for those you catch doing the “right” thing when it comes to being security aware.

The key is to track all of these items. Start a spreadsheet and track the number of employees talked to per month, the number of incidents discovered in the walk-bys and the number of employees caught doing something correctly.  Create some nice monthly graphs with the data and provide them to management so they know you are on top of the security awareness issue.