Security Awareness Blog: Category - Security Awareness Planning

Updates to Security Awareness Maturity Model

As we continue to grow and mature as a community, so to does our tools and resources. As such we have made some minor changes to the Security Awareness Maturity Model to better clarify what each stage is with more precise titles. The steps are the exact same to achieving each level. All we have … Continue reading Updates to Security Awareness Maturity Model


When Employees Don't Change Behavior - Ask Why

As you roll out your security awareness program, or deploy training to change specific behaviors, be prepared for not everyone changing their behaviors. Instead of becoming frustrated by failures or blaming employees, use this opportunity to learn and improve. Ask the individuals why they did not change their behavior. By using a Behavior Model such … Continue reading When Employees Don't Change Behavior - Ask Why


Instructional Design vs. Behavior Design (Which is Better for Awareness)?

Traditionally in the field of security awareness, trainers have looked to the field of instructional design on how to develop their security awareness training. Models such as ADDIE provide a framework that build on how people think and learn. While such models are important, these may not be the only ones that apply to security … Continue reading Instructional Design vs. Behavior Design (Which is Better for Awareness)?


Behavior Model - Helps Explain Why We Can Be So Bad at Awareness

Recently I attended the Human Behavior Design course by Dr. BJ Fogg. One of my key take aways from the course is his Behavior Model and how it applies to security awareness training. By understanding this simple model (I highly recommend you take five minutes to check it out), you begin to understand why so … Continue reading Behavior Model - Helps Explain Why We Can Be So Bad at Awareness


BJ Fogg - Behavior Model / Camp

One of the primary goals of most security awareness programs is to change human behavior. By changing peoples' behaviors we can reduce risk both to themselves and their organization. As we have documented in the Security Awareness Planning Kit, to change human behavior we need to answer three key questions, WHOSE behavior do we … Continue reading BJ Fogg - Behavior Model / Camp