1. Encouraging Security Training in a Corporate Environment Lindsey Bertugli

2. Overview  Training  Awareness  Motivation  Summary  Questions

3. Training Implementation StepsTranslation Identify program scope, goals, and objectives. Decide what to teach. Identify training staff.Decide who is teaching it. Identify target audiences.Decide who needs to learn it. Motivate management and employees. Show them what is in it for them. Administer the program.Teach them. Maintain the program.Remind them. Evaluate the program.Decide if it worked.

4. Training Methods  One-on-One – customizable, inefficient  Formal Class – efficient, relatively inflexible  Computer-Based – flexible, expensive  Distance Learning – inexpensive, very inflexible  User Support Group – group learning, very topic specific  On-the-Job – inexpensive, substandard performance  Self-Study – lowest cost, trainee become responsible

5. Awareness  Serves two purposes: Stresses the importance of security to improve the overall attitude within the organization. Reminds users of the procedures they were trained to follow.  Ten Commandments of Information Security Awareness Training (p. 195)

6. Awareness Components  Videos, lectures, and conferences  Computer-based training  Newsletters, brochures, and flyers  Posters, banners, and bulletin boards  Trinket programs

7. Videos, Lectures, and Conferences  Single occurrences  Generally boring and lose people’s attention  Hard to organize  Can be time consuming

8. Computer-based Training  Time consuming  Training software can be expensive  Training software may not be directly tailored to your organization’s needs  May be difficult or aggravating to users who are not comfortable with computers

9. Newsletters, Brochures, and Flyers  Easy to ignore  First impulse is to discard them  Can be expensive to produce

10. Posters, Banners, and Bulletin Boards  Should be maintained and frequently changed  Concise, encouraging, and colorful  Acclimation – process of tuning something out until it blends into the environment and is no longer noticed

11. Motivation  Negative Angry bosses Reprimands Threat of being fired  Positive Satisfaction Reward programs

12. Reward Programs  Usually consist of small objects  Get people’s attention  Generally have some kind of reminder on them  Provide only temporary awareness  Need to be reinforced through other awareness techniques

13. Rewards  Pens and pencils  Coffee mugs, travel mugs, and plastic cups  Hats, t-shirts, and bags  Mouse pads  Sticky notes, clips, and pencil holders  Food  Can be just about anything

14. Summary  Choose a training program and method suitable to your organization’s needs.  Due to acclimation, awareness techniques should be creative, up to date, and changed frequently.  Keep users motivated to maintain a program’s momentum and effectiveness.

15. Questions