Creating Effective User Awareness Training is based on two key principles:
-
Creating real skill – threat recognition skill – within our whole organisation. We don’t build real skills by making people take tests after we have lectured them nor by conducting clandestine tests to fool them. Skill is created by support and practice
-
Helping information security become coaches rather than lecturers (physical or virtual”). A coach has a personal relationship with those they are trying to develop. They may set challenging targets but they are focused on facilitating everyone to achieve those targets using a process of support, guidance and positive feedback.
In conclusion, Creating Effective User Awareness Training is focused on the design, development and deployment of security education that meets your risk management objectives. There are just too many approaches to creating awareness that are either not fit for purpose or just plain sneaky in their approach.
