In a new research report by Ira Winkler and Samantha Manke from Internet Security Advisors Group (ISAG), Fortune 500 information security officers discuss employee education challenges and share practical advice about how to improve employee awareness and education programs. The intent of the report is to help information security departments build effective security awareness and training programs with practical insights on how creative and interactive training methods can be used to increase participation and improve employee behavior modification rates.
One of the authors’ recommendations in Habits of Highly Successful Security Awareness Programs: A Cross-Company Comparison is to consider restructuring the typical one-year security awareness plan. Plans that attempt to cover one topic a month are ineffective, say Winkler and Manke, because that approach “does not allow for feedback or account for ongoing events”. Instead, they found that the most effective programs ran on 90-day implementations and reevaluated the program and its goals every 90 days. “The most successful program focuses on three topics simultaneously that are reinforced regularly throughout the 90 days. Every 90 days, the program is reevaluated to determine what topics need to be addressed moving forward.”
The ISAG report also covers other areas where Fortune 500 companies are using new approaches to security awareness training, including:
- How to obtain C-level support and budget for training programs
- Which departments are critical partners for program success
- How to use metrics to demonstrate positive results
- How to creatively disseminate materials to improve engagement
- What types of training materials and tools are most effective
For more, download a free copy of Habits of Highly Successful Security Awareness Programs: A Cross-Company Comparison from the sponsor of the report, Wombat Security Technologies.
More on how to do a 90-day plan can be found by directly contacting Winkler and Manke via [email protected]