Published on July 07, 2010 by Karen Letain in News
Summer is a great time to take stock of your current awareness program. Review the past year's program and run it through a thorough analysis. Was it relevant to the users? Was the content refreshed with updated security best practices? Is it time to run a quiz and test the current users' knowledge base? Perhaps you need to add some videos to the existing program?
Perhaps it is time to start from scratch and look at a program redesign or a different approach to refresh and revitalize the training program. We recommend looking at new and innovative ways of communicating with your end users. Try getting them involved by running a poster design contest, with some great prizes, that they can even enroll their kids in, and use the posters to really get them involved in the campaign itself. Use large placards with key anecdotes placed strategically around the building to increase awareness, for example: every minute there are approximately 29 victims of identity theft.
What are you doing to refresh your program this year?
Published on June 21, 2010 by Karen Letain in Other, Planning
Below is the promised Part 2 of the list of free resources. If you need to “freshen” up your existing training or are looking for potentially new ideas for security awareness, some of these links may be helpful. If you have any more you would like to share, we would love to hear about them.
http://csrc.nist.gov/publications/nistpubs/800-16/800-16.pdf - NIST - Information Security Requirements
http://www.iwar.org.uk/comsec/resources/sa-tools/ - Information Warfare Site Resources
http://www.articulate.com/rapid-elearning/9-free-tools-that-help-me-build-better-e-learning/ - great e-learning tools!
http://moodle.org - open source CMS/LMS - if there is anyone out there who still has not discovered this one!
http://elearningtech.blogspot.com/2009/12/elearning-templates-20-resources.html - free elearning templates
http://www.learningsolutionsmag.com - great online magazine with excellent articles and insight
http://www.csoonline.com/article/493941/seven-practical-ideas-for-security-awareness
http://www.csoonline.com/article/221058/ideas-from-security-awareness-survey-respondents - 2006 article which is a bit dated but the ideas still apply today
http://www.gideonrasmussen.com/sectips-full.html - 24 security awareness tips by Gideon T. Rasmussen
Published on June 08, 2010 by Karen Letain in News
When you get it wrong, the signs are painfully clear, but the reasons may not always be obvious. Making that all-important connection with your learners does not happen by accident. When you are putting together a security awareness training solution you need to make it not only interesting but RELEVANT.
If the learner already has knowledge of security topics and issues, why do they need additional training in the areas they already understand? The mistake often made is that content is developed from the assumption that the learner knows very little and therefore needs to drink from the proverbial "fire hose". This does not have to be the case. A well-thought-out quiz, delivered before the content is developed or the training is delivered, can eliminate repetitive, boring content that the learner has already adopted. A quiz can act as a baseline, identifying gaps in the overall knowledge of the learners. Focus can then be spent on either developing content in the areas of weakness or looking for supplemental online content or reinforcement tools to address the gap. The quiz can then be run again after the training to determine whether or not the learning content was absorbed.
Published on May 17, 2010 by Karen Letain in News, Other
I always love seeing blog entries that contain great resource references. So, I thought I would start one! Here is the start of a list that I decided to start compiling of some really good blogs that contain a ton of resources, tips, tricks and more links. Feel like sharing yours and growing the list?
Around the Corner-MGuhlin.org
Box of Tricks
Creative Teaching
Corporate eLearning Strategies and Development
Custom Training and eLearning Blog
Educational Origami
Experiencing E-Learning
Jane’s E-Learning Pick of the Day
Kirsten Winkler
New Learning Playbook
Rapid eLearning Blog
Sue Waters Blog
Workplace Learning Today
Published on May 08, 2010 by Karen Letain in News
An ideal way to engage learners is through video. As an example of the popularity of video, you need only look as far as the website YouTube, which currently has 15 hours of footage uploaded to it by users every minute. Digital technology, whether it is mobile, video or computer games, has fundamentally reshaped the way most of us connect with, make sense of and engage with society.
We need to understand that most of the younger generation will expect an entirely new type of relationship with the world around them that does not rely on accessing information but on creating new knowledge, resources and products. While core basic skills remain vital, new developments and the increasingly collaborative nature of learning will challenge our existing educational infrastructure.
e-Learning guru Lord Puttnam stated that "only by engaging with these new and at times intimidating challenges for the process of teaching and learning - almost all of which are facilitated by digital technology - will we produce a generation of creative learners with a breadth and a depth of understanding capable of dealing with this new incredibly difficult century". As part of his call for a rethink of traditional educational models, Puttnam has made a film entitled We Are The People. It is available free from www.wearethepeoplemovie.com.
Published on April 30, 2010 by Karen Letain in News
eLearning plays an extremely important role in terms of sustainability. For those organizations looking to be more sustainable and save costs in the process, eLearning is the best way to improve and expand employee skill sets without having to incur additional travelling costs.
eLearning helps organizations expand training opportunities to more employees in more places. It’s available on-demand, providing instant learning at a moment’s notice. For organizations looking to impart new security policies to their staff and educate them on new best practices, eLearning is the most efficient and cost-effective method of deployment.
Published on April 19, 2010 by Karen Letain in Marketing and Communications
I was reading Seth Godin’s blog entry today at http://sethgodin.typepad.com/ (yes… he is a marketing guru and no, he is neither an education psychologist nor does he have a PhD in Education, at least as far as I know). Seth is a best-selling author, entrepreneur and agent of change. So what does this have to do with Security Awareness training or any training for that matter? For any corporate training to be adopted by an entire organization you need to understand how to market it effectively.
A sentence that Seth put in his blog today really resonated with me. It is as follows:
If you're having trouble persuading people to buy what you sell, perhaps you should sell something else. Failing that, perhaps you could talk about what you sell in a different way.
This can be applied directly to your security awareness training. Let’s give it a try:
If you're having trouble persuading people to take security awareness training, perhaps it is time to try something else. Failing that, perhaps you could talk about the training in a different way.
Security awareness training is an essential part of an organization’s yearly training regime and if you are facing resistance from end-users in taking the training then perhaps it is time to try some fresh content, videos or even games to make it more enjoyable. If you are currently conducting your awareness training via an instructor-led model, perhaps it is time to look at e-learning or even just add in some video or gaming type exercises into your existing structure.
Published on April 04, 2010 by Karen Letain in Courses, News
A recent article in Forbes on Women Gaming made some interesting links to not only gender-based learning but also how we learn and develop skills as individuals. http://www.forbes.com/2010/03/25/women-gaming-video-forbes-woman-time-online.html
The concept of gaming is becoming more accepted in business where it functions as a superb training and operations tool. Videogames are now being used for collaboration and brainstorming as well as performance evaluation. Games based learning is proving to be the new learning tool of the future and it is definitely growing.
Games Based Learning, also referred to as "Serious Game", is all about leveraging the power of computer gaming to captivate and engage end users to develop new knowledge and skills. This type of learning enables users to undertake tasks and experience situations that may be too costly or otherwise impossible.
Although many of the concepts included in end user security awareness training are universal, such training often must be tailored to address the policies and requirements of a particular organization. In addition, many forms of training fail because they are rote and do not require users to think about and apply security concepts. A flexible, highly interactive video game can support organizational security training objectives while drawing typical users into an engaging security adventure.
However, there are problems with deploying games-based learning for organizations. First, it is difficult to find generic end-user interactive gaming software for security awareness. Second, the cost of creating such a game internally can be quite high. Third, maintaining and updating the content can be time-consuming and costly.
Published on March 22, 2010 by Karen Letain in Other, Planning
Consistent updates will assist you in managing change throughout the yearly life cycle of your security awareness program. It is imperative that you update your program to ensure that training/awareness/education deployments do not become stagnant and therefore irrelevant to real emerging issues faced by the organization. A planned and consistent update program will also allow you to address changes in security policy, directives and procedures driven by new threats, technologies or legislation. We hope the following 5 steps will assist you in managing program changes:
1. The awareness program should be continuously updated as new technology and associated security issues emerge. Typical program refresh time is every 12 months but changes in an organization’s policies or new emerging threats might dictate a shorter refresh cycle.
2. New training requirements will emerge as new skills and capabilities become necessary to respond to changes in technology and the overall security landscape. Look at implementing role-based e-learning (i.e., manager training for new and existing managers, IT admin training, etc.).
3. Changes to the organization’s objectives and/or mission can also affect how to best design training content and methods. Review resources and determine what mix of e-learning/seminar and/or outsourced training is required and balance training methods on both your current resources and budget.
4. Emerging trends and regulations/laws will also impact the type and extent of security awareness activities necessary to keep users educated about the latest threats and best practices.
5. New security directives will also drive the need to update and/or explore additional training methods or components.
Published on March 13, 2010 by Karen Letain in News
According to American Medical News in the February 22 edition of their newspaper, one-third of health professionals store patient data on laptops, smartphones and USB memory sticks and only 39% of health care organizations encrypt data on mobile devices.
Provisions in the federal stimulus package have tightened HIPAA notification and enforcement regulations and have made HIPAA violations more costly. For example, the maximum civil penalty from the Dept. of Health and Human Services for a data breach occurring after Feb. 18, 2009, rose from $25,000 to $1.5 million.
Security experts recommend that the data be secured and encrypted, making it next to impossible to read for anyone who happens to find it. More importantly, users of corporate mobile devices need to be educated on their responsibility for the security of the devices provided by the organization and on the organization's policy on using the devices. Security awareness of the risks inherent in using mobile devices is essential and should be part of a consistent security awareness program.