SELECTED PROJECTS

 SECURITY AWARENESS & TRAINING PROGRAM

Client

Trusted Client


Categories

Security Awareness, IT Services


Completed

April 30, 2018


Project Budget

$75,000


Project length

4 months

Project Details

BACKGROUND


A global organization had detected repeated targeted phishing and ransomware attacks against its employees and needed help upgrading its security awareness training to be more modern, relevant, attractive and engaging for the people who should be taking it.


The initial request was to evaluate the current security awareness program and propose ways to improve it, including calculations of the cost and investment needed for the program and its maintenance. The new awareness training should take the form of a program, be easy to launch, be effectively measured and contain an annual plan for roll-out. It should also be easy to maintain by an internal team of security and communication resources.



Do you need similar expert help?


Contact Fogel Consulting through the contact form to receive further information and possibility to present your own case and business needs.

CHALLENGE

The organization needed an upgrade of its Information Security Awareness Program. A fresh program was seen as an essential asset for an organization that needed to protect assets and data from within. It was required to be based on best practices of security training, with the intent to help and encourage critical thinking and also to help individuals accept and follow a security policy.


The main challenge and goal was to implement an effective and measurable security training program that results in a high return on investment (ROI). The awareness training needed to be online, interactive and engaging. The content needed to be short, easily accessible lessons with some checks of understanding. Employees should be able to choose to take the security awareness training on a workstation, laptop or mobile device, in the office, 'on the go' or at home.

SOLUTION


In collaboration with a project team from the organization, workshops and brainstorming led to a set of initiatives that were set as the goal for developing and implementing a successful new Security Awareness Program:


  •  Short 1-3 minute lessons on selected objectives;
    •  Introduction
    •  Objective
    •  Test quiz
    •  Evaluation 


  •  Phase 1 launch with 12 lessons, phase 2 with an additional 12;
    •  Current and important subjects 
    •  Interactive modules
    •  Understand how own work affects security
    •  Importance of speaking up / reporting 


  • In-house posters on various topics that followed the organization's standard and recognition


  • Have fundamental lessons plus additional lessons per each resource's work objectives (role-based security awareness)


  • Have a repeatable model built in, reusable for new employees and contractors


  • Include gaming activities for further interaction


  • Optional add-on with videos  


  • Followed up with security awareness tests

RESULT


A Security Awareness Program was developed and created, ready to be launched. The program was based on recommendations from NIS, SANS and ISO27001.


The program consisted of different courses that every employee and contractor was mandated to take. The courses included discussions around security and privacy with regard to our personal devices, passwords in use, phishing attacks, social engineering, suspicious URLs, data leakage, and some general tips for staying safe online.


The program covered working from home and when travelling, and required secure connectivity for all of the organization's devices. The design also included the overall strategy to reduce and mitigate the organization's risks and threats.


A reporting function that can confirm how well the awareness program is working was included. The metrics included the number of people targeted for security awareness training, the number that had participated and the average completion rate. There were evaluation surveys by trainees and a trend analysis of the number of incidents over time.