Recently, for a leading bank, we created an Information Security Induction training video that gave an overview of their security policies and procedures. To make the course interesting, we used scenarios and interactions that engage the learner. We are happy to share this course, and it would be great to receive feedback to help us improve further.
To play video, click here.
Root cause analysis may be a boring subject. But it can be made super interesting by adding some cool touches. We created an awesome training video using ants, an anteater and a river crossing to teach root cause analysis.
Click here to play the video.
We had great fun producing this cool video with an oriental theme with awesome images and music. The learner also has the option to select an Avatar and play himself/herself in the course. This security awareness training video covers some important fundamentals of information security.
Click here to play video.
It is not difficult to make security awareness training a continuous process by delivering short and sweet security awareness training modules regularly.
This video focuses on the importance of keeping white boards clean in 5 simple steps. The advantage of these types of modules is that they don’t occupy much time but occupy a larger mind space.
Click on the image below or click here.
Information Security Quotient (ISQ)
A presentation that I gave recently for a top management group that focuses on the human factor in information security. The presentation focuses on:
1. Why people make security mistakes
2. How security decisions made by people are influenced by “Perception”
3. How ISMS can be improved by influencing the “feeling of security”
You can also click here: http://www.slideshare.net/NarayananAnup/the-difference-between-the-reality-and-feeling-of-security
These thoughts were inspired by an article by Bruce Schneier titled “The Psychology of Security” – http://www.schneier.com/essay-155.html
Do drop me a note if you wish to discuss more on this.
I believe the term “information security awareness” is incomplete. It must be “information security awareness and competence”. This is because “awareness” is only half the job. You are making the employee learn important information security policies, fundamentals etc. But that is only half the job. After teaching, the employee must also prove that they are applying what they have learned correctly. How do you do this?
This is where the organization must look at the human factor in Information Security as a whole and create a comprehensive plan that addresses both awareness and competence. This plan must have:
1. An awareness program
2. An awareness assessment program
3. A competence assessment program
I have created a short video tutorial where you will learn important fundamentals in less than 3 minutes. Click on the image or the link below.
Security awareness messages can be packaged in various ways to give the learner a great experience. The more exciting and interesting the experience, the higher the impact of learning and recall.
Recently we did a security awareness video prototype using an F1 Racing Car theme, with elements of interactivity built in to ensure that the learner participated along the way. The feedback was very positive, and we are happy to share the video.
Click here to play the video.
Who doesn’t like comics? After all, we grew up with them. The bright colors, the amazing characters, the thrill and suspense… it was amazing. My favs were Phantom and Tarzan.
While going down memory lane, I thought a comic-book-based theme would be a good idea for a security awareness video.
Check this out. Click on the image or URL below.
Let me know what you think.
Recently for promoting the “Certified Security Awareness and Competence Manager” training program in Kuala Lumpur, Malaysia, I created a promotion video using the 007 James Bond theme along with the title music from Bond films. I decided to make a generic cut of the video for sharing.
Make sure you turn up the volume a wee bit.
Check the video here: http://isq-library.s3.amazonaws.com/007-information-security-challenge-generic/player.html
Check how the video is used to promote the training here: http://www.securityvitamins.com/sacm
Information security awareness content can be split into various categories. Two categories could be “Compliance” and “General Information Security Awareness”. A careful examination of these categories necessitates a discussion of how content developed under these categories must be delivered.
Compliance courses have the following features.
1. They are mandatory and must be completed by all
2. They are a requirement as per the law of the land
3. They are best delivered using an LMS (Learning Management System) that can track attendance
4. They usually have a test/assessment at the end which the learner MUST pass
5. It is best to have a self-printable certificate that the learner can print after PASSING the exam and show as proof of completion of the course
6. They usually take between 15 and 45 minutes to complete
Before I list the features of awareness messages, it is prudent to ask a question. Are you trying to deliver “awareness messages” like a compliance course? Is that required? What if you have 12 awareness messages spread across the year (one per month)? Do you have the energy, resources, time and money to keep pursuing employees to make them view one course per month?
This is where the following suggestions regarding awareness courses may become very useful.
1. They should be short and crisp – should not take more than 2 to 5 minutes of learning time
2. Try different channels of delivery – screen savers, posters, wallpapers, HTML emailers, etc.
3. Make it fun and interactive – you really want the learner to tell you at the water cooler, “Hey, that security poster was cool!”
4. Don’t chase “completion” or “mandatory” attendance, but try for a positive feel and appreciation of information security around the message
5. Keep delivering regularly (one per month)
Now, if you notice, one compliance course + 12 awareness messages in a year is a good information security training program to have.
To view sample compliance courses and awareness messages, visit – http://www.isqworld.com/security-awareness-samples