I'm noticing a trend in awareness training, one I wanted to share and see if others are seeing the same thing. In general there are two ways to deliver training, what I call Scheduled or On Demand. Scheduled is what you think of for traditional training. A certain time and/or place is set and people … Continue reading Security Awareness Training - Scheduled or On Demand?
I've posted several times about the tremendous value of an active phishing assessment program. Not only does it result in effective behavior change, but based on my experience phishing assessments are positive and a highly engaging way to reach people. In many ways it becomes a challenge of who can 'spot the phish' first, gamifying … Continue reading Tuning the Human Sensor with Phishing Attacks
Continuing our top three trend I wanted to share the top three reasons I see awareness programs fail. By fail I mean they do not have an impact. If compliance is your only goal, this is much simpler to achieve. Having an impact through behavior change is a far greater challenge. 1. No Plan: This … Continue reading Top 3 Reasons Security Awareness Training Fails
I recently took Jeff Frisk's MGT 525 course on project planning. This is a great class to take if you are going to be working on any large scale or long term project, such as a security awareness program. What I liked best about his course is it brings structure to planning such a program … Continue reading Security Awareness Training - Starting With Project Charter
One of the challenges with creating a high-impact security awareness program is how do you reward good behavior? Obviously enforcement is important to any awareness program, but at some point we need to combine that with positive reinforcement. However, this is not as simple as it seems; it turns out rewarding good behavior can have … Continue reading How to Effectively Reward Secure Behaviors