Security

Are you delivering Information Security training and awareness effectively?

The most effective way to minimise breaches of information security is to maximise staff awareness of risks and to promote good working practice. The information security environment is not a fixed target. Legislation can change or become redundant as it is outpaced by developments in technology. There will always be individuals seeking to exploit vulnerabilities in information systems. Many seek to exploit the low-hanging fruit; cyber-aware staff will discourage them from attacking an organisation.

Kindus make a clear distinction between teaching and learning in our training services. It is not enough to offer training ‘opportunities’ and to assume that completion of a specific module corresponds to a development of user knowledge. Kindus have a range of ways in which we can deliver training: sessions with a ‘live’ trainer (optionally delivered on-line), stand-alone materials (PowerPoints, videos, workbooks) and self-paced on-line learning. A poorly designed learning exercise will see the session endured and appropriate responses made while the audience’s attention is far away, and little if any knowledge is retained the following day.

At Kindus we understand the need to tailor training to the needs of the business, using real work-based examples that can be implemented outside of the teaching session. Multiple choice tests are a popular means of recording understanding. The use of a right or wrong response allows progress to be quantified, which in turn can be used to quantify information security risks more accurately. While this is a good thing in allowing rapid marking and measuring the degree of success, there will always be some chance of completion through pure guesswork. If one or more of the answers is clearly irrelevant to the question, the chance of successfully guessing increases. Conversely, there must be a single answer that is clearly correct. If several answers appear ‘good enough’ then a user who understands the subject will be marked wrong. Where multiple choice questions are to be used in training, Kindus will ensure that the questions and responses are relevant to the work environment and do not mislead the user. Additionally, we can set open questions where there is no short answer, allowing the user to freely express their understanding.

Kindus will brand training materials to ensure that they are relevant to where they are employed. This is not a case of adding corporate logos and colour schemes to match the recipient’s business. Examples and responses will also be targeted to where the trainee is expected to direct their new cyber skills. This could involve different implementations of the same training subject directed at differing job roles within the same target organisation. We also take into account the existing skill set of the audience, choosing training that will challenge the individual but not prove too complex to master. Training is not seen as a single event but as a continuous process of self-improvement. We are able to provide sets of linked materials that gradually build up the depth and knowledge of staff in the Information Security field.

Following up on training is essential to ensure that the message is kept alive. At Kindus we can craft refresher messages and provide physical resources such as posters and office furniture (pens, mugs) in theme with the training event.
