training plan
Published on March 22, 2010 by Karen Letain in Other, Planning
Consistent updates will assist you in managing change throughout the yearly life cycle of your security awareness program. It is imperative that you update your program to ensure that training/awareness/education deployments do not become stagnant and therefore irrelevant to real emerging issues faced by the organization. A planned and consistent update program will also allow you to address changes in security policy, directives and procedures driven by new threats, technologies or legislation. We hope the following 5 steps will assist you in managing program changes:
1. The awareness program should be continuously updated as new technology and associated security issues emerge. Typical program refresh time is every 12 months but changes in an organization’s policies or new emerging threats might dictate a shorter refresh cycle.
2. New training requirements will emerge as new skills and capabilities become necessary to respond to changes in technology and the overall security landscape. Look at implementing role-based e-learning – i.e., manager training for new and existing managers, IT admin training, etc.
3. Changes to the organization’s objectives and/or mission can also affect how to best design training content and methods. Review resources and determine what mix of e-learning/seminar and/or outsourced training is required and balance training methods on both your current resources and budget.
4. Emerging trends and regulations/laws will also impact the type and extent of security awareness activities necessary to keep users educated about the latest threats and best practices.
5. New security directives will also drive the need to update and/or explore additional training methods or components.
Published on December 14, 2009 by Karen Letain in Planning, Reinforcement Tools
I purchased a new pair of runners for my 7-year-old and these had laces. I had taught him to tie his shoes in Kindergarten but with most of the shoes and boots having velcro, I did not realize that the lesson taught in Kindergarten did not stick. I was both shocked and dismayed to realize that my Grade 2 child did not know how to tie his shoes! As a parent I also had that wonderful "guilt" feeling that goes along with realizing that I probably didn't do a very good job initially as I was in a rush (as always) and should have probably spent more time having him practice so that he retained the knowledge. I also should have bought him more shoes with laces!
So...how does this relate to security awareness? Like any type of training or learning, if a person does not practice what has been learned it does not get retained. Security awareness is even more difficult since we are ultimately trying to change behavior. Individuals are already set in their ways of performing various job tasks throughout the day. Security awareness is about changing the way in which those tasks are performed. Teaching a security awareness class once a year and providing no other reinforcement or communication on the subject will not sufficiently change behavior of your end users.
Not putting aside enough time as an educator to ensure that your security awareness program is planned and supported properly will lead to additional stress, guilt and ultimately to the failure of the awareness program.
So...what do we do? We must ensure that awareness is done in small bite-sized amounts that are easily digestible and then follow up with reinforcement tools or methods - i.e., posters, newsletters, video clips, spot checks or walkabout reminders that catch people doing what was taught correctly or not correctly. Providing continuous training throughout the year will aid in retention. Providing rewards and/or encouragement for the training being accomplished and for a change in behavior will provide you with a better and more widely accepted security awareness program.
Published on September 21, 2009 by Karen Letain in News
Nobody really likes planning. However, the best way to ensure a successful training program, regardless of the type of training, is to make sure that all the stakeholders in the process adhere to a training plan. In order to make it easier, we have a suggested format for you:
1. Person(s)/Team Writing Plan
2. Sponsors of Plan (could be Executive, Administrative, both or Other)
3. Person(s)/Team Responsible for Execution/Implementation of Plan (Outline Responsibility and Role of each person listed)
4. Key Departments/Staff involved or affected by Plan
5. Background (outline the reason why the training requirement arose, factors influencing the proposed training)
6. Business Requirement
7. Mission/Values/Purpose/Goals for the Plan
8. Scope of Plan
9. Length of Plan
10. Assessment (Provide a brief description of the assessment method used and attach sample assessment methodology)
I would also suggest developing a Training Matrix. This could be done in a table format and should include: training topic, competency addressed, suggested target audience, course name, delivery method and availability as well as priority. The matrix will help to clearly outline the requirements of the training and timelines and keep all stakeholders and developers on task and on target.