SECURITY AWARENESS & TRAINING PROGRAM
Security Awareness, IT Services
April 30, 2018
A global organization had detected repeated targeted phishing and ransomware attacks against its employees and needed help upgrading its security awareness training to be more modern, relevant, attractive and engaging for the staff who should be taking it.
The initial request was to evaluate the current security awareness program and propose ways to improve it, including calculations of the cost and investment needed for the program and for its maintenance. The new awareness training should take the form of a program, be easy to launch, be effectively measured and contain an annual plan for roll-out. It should also be easy to maintain by an internal team of security and communication resources.
The organization needed an upgrade of its Information Security Awareness Program. A fresh program was seen as an essential asset for an organization that needed to protect assets and data from within. It was required to be based on best practices of security training, with the intent to help and encourage critical thinking and also to help individuals accept and follow a security policy.
The main challenge and goal was to implement an effective and measurable security training program that results in a high return on investment (ROI). The awareness training needed to be online, interactive and engaging. The content needed to consist of short, easily accessible lessons with some measures of understanding. Employees should be able to choose to take the security awareness training on a workstation, a laptop or a mobile device, in the office, 'on the go' or at home.
In collaboration with a project team from the organization, workshops and brainstorming led to a set of initiatives that were set as the goal for developing and implementing a successful new Security Awareness Program:
A Security Awareness Program was developed and made ready for launch. The program was based on recommendations from NIS, SANS and ISO27001.
The program consisted of different courses that every employee and contractor was mandated to take. The courses included discussions around security and privacy with regard to our personal devices, passwords in use, phishing attacks, social engineering, suspicious URLs, data leakage, and some general tips for staying safe online.
The program covered working from home and while travelling, and required secure connectivity for all of the organization's devices. The design also included the overall strategy to reduce and mitigate the organization's risks and threats.
A reporting function that can confirm how well the awareness program is working was included. The metrics included the number of people targeted for security awareness training, the number who participated and the average completion rate. There were evaluation surveys by trainees and a trend analysis of the number of incidents over time.
IT consulting services with support for development and maintenance, in the form of consulting advice focused on IT, information security and risk management. Support for your adherence to compliance (legal and regulatory requirements), and leadership of project implementation of management systems for control of IT and information systems (ISMS/LIS).