Security Awareness

A Broad Approach for the End User Security Awareness Training

End user security awareness training remains one of the most effective tools for creating a barrier against the increasing level of phishing and social engineering. As technological measures get better, the tricks targeting the end user are getting more sophisticated. In this context, building up the security awareness program remains a side measure that adds value to the corporate security strategy for fighting tactics that have the end user as a victim. Building it means defining the metrics set, the target audience, the content and the delivery path.

Metrics can be an effective tool to measure the impact of an end user cyber awareness training program, and can also provide valuable information to keep the security awareness program up-to-date and effective. The metrics used to measure the success of a security awareness program will vary for each organization based on considerations such as size, industry, and type of training.


With implementation support, custom software applications, and several different types of exercises, we support our customers in creating a culture of security company-wide.

The target audience is all staff: end user security awareness training must be delivered to everyone, and the content has to be in accordance with organizational security policy and promote proper data handling throughout the organization, according to each employee's role in the organization.

Once the content has been produced, the persons responsible for executing the program must always keep in mind that the final goal is the education of attitudes, while knowledge transfer is just a vehicle. Therefore, different types of materials and proper actions for dissemination must be considered.

Choosing which materials to use in a security awareness training program is highly dependent on the organization. Each organization should consider its time, resources, and culture when selecting the materials to use for the security awareness training. Along the same lines, external providers must understand the organization and adapt the content and actions in the program to it. Although sometimes non-technical, a general awareness training would benefit from covering the way social engineering attacks are used in the business sector.

End user security awareness training materials should be available for all areas of the organization. Security awareness and training materials can be developed in-house, adapted from a non-profit organization’s work, or purchased from an external vendor. Source and type of materials to be considered:
- Existing general educational content.
- Newsletters.
- Government agencies.
- Materials from a specialized vendor.

Technical channels to make the content available to the end user:
- Computer based training – LMS with metrics available.
- Security awareness materials or multimedia over email.
- Lessons learned delivered over email (pictures of different program violations and short discussions over the potential impact).
- SMS alerts.
- Test emailing, piggybacking challenges, BYOD violation exercises.
- Phishing simulations.

After collecting and preparing the required security awareness materials, we must make the best use of them by following certain criteria in implementation. We can start by identifying which segment we want to communicate with, and preparing a tracking mechanism to see who completes the training and when, and to measure users' knowledge, engagement and level of completion of the training for each section. In fewer words: discover gaps.

As end user behavior is very often the cause of security breaches, a full-spectrum mix of technological measures and end user security awareness training must be put in place. Around this effort, motivation, opportunities for involvement and a feeling of accomplishment would be a big plus for an end user awareness training program that will help you and your staff defend your network, systems, mobile devices, and the data residing on them.