Security Awareness and Competence Blog

Sample – Information Security Awareness Training Induction Video

Hello,

Recently for a leading bank we created an Information Security Induction training video that gave an overview of their security policies and procedures. To make the course interesting, we used scenarios and interactions that engages the learner. We are happy to share this course and it will be great to receive feedback to help us improve further.

Security-Awareness-Induction-Training-Program-Video

To play video, click here.

Warm regards,

Anup

Sample – Root cause analysis training video

Hi,

Root cause analysis may be a boring subject. But, it can be made super interesting by adding some cool touches. We created an awesome training video using ants, an ant eater and a river crossing to teach root cause analysis.

5-step-root-cause-analysis-video

Click here to play the video.

Anup

Sharing – Security Awareness Video with an Oriental theme

Hi,

We had great fun producing this cool video with an oriental theme with awesome images and music. The learner also has the option to select an Avatar and play himself/ herself in the course. This security awareness training video covers some important fundamentals of information security.

Information Security Best Practices Awareness Training Video

Click here to play video.

Thanks,

Anup Narayanan

30 second security awareness training

Hi,

It is not difficult to make security awareness training a continuous process by delivering short and sweet security awareness training modules regularly.

This video focuses on the importance of keeping white boards clean in 5 simple steps. The advantage of these type of modules is that they don’t occupy much time but occupies a larger mind space.

clear-white-board

Click on the image below or click here.

Warm regards,

Anup
Information Security Quotient (ISQ)

Free PPT for Security Awareness Training for Top Management

Hi,

A presentation that I took recently for a top management group that focuses on the human factor in information security. The presentation focuses on,

1. Why people make security mistakes
2. How security decisions made by people are influenced by “Perception”
3. How ISMS can be improved by influencing the “feeling of security”

You can also click here: http://www.slideshare.net/NarayananAnup/the-difference-between-the-reality-and-feeling-of-security

These thoughts were inspired by an article by Bruce Schneier titled “The Psychology of Security” – http://www.schneier.com/essay-155.html

Do drop me a note if you wish to discuss more on this.

Warm regards,

Anup

Free Video – Knowing Security is not the same as Practicing Information Security

Free Video – Knowing Security is not the same as Practicing Information Security

Hi,

I believe the term “information security awareness” is incomplete. It must be “information security awareness and competence”. This is because “awareness” is only half the job. You are making the employee learn important information security policies, fundamentals etc. But that is only half the job. After teaching the employee must also prove that they are applying what they have learn correctly. How do you do this?

This is where the organization must look at the human factor in Information Security as a whole and create a comprehensive plan that addresses both awareness and competence. This plan must have,

1. An awareness program
2. An awareness assessment program
3. A competence assessment program

I have created a short video tutorial where you will learn important fundamentals in less than 3 minutes. Click on the image or the link below.

security-awareness-competence

Click here

Thanks,

Anup

Using Formula 1 Racing as a theme for a Security Awareness Video

Hello,

Security awareness messages can be packaged in various ways to give the learner a great experience. The more exciting and interesting the experience, higher the impact of learning and recall.

Formula1 Racing Theme Security Awareness Video

Recently we did a security awareness video prototype using a F1 Racing Car theme, with elements of interactivity built-in to ensure that the learner participated along the way. The feedback was very positive and happy to share the video.

Click here to play the video.

Thanks,

Anup

Comic book themed information security awareness

Hi there,

Who doesn’t like comics? After all we grew with them. The bright colors, the amazing characters, the thrill and suspense….it was amazing. My favs were Phantom and Tarzan.

While going the memory lane, I thought a comic book based theme will be a good idea for a security awareness video.

Check this out. Click on the image or URL below.

Comic book security awareness

http://isq-library.s3.amazonaws.com/Comic-Book-Security-Awareness/player.html

Let me know what you think.

Warm regards,

Anup

007 Bond theme for a Security Awareness Video

Hi,

Recently for promoting the “Certified Security Awareness and Competence Manager” training program in Kuala Lumpur, Malaysia, I created a promotion video using the 007 James Bond theme along with the title music from Bond films. I decided to make a generic cut of the video for sharing.

Make sure you turn up the volume a wee bit :)

Check the video here:http://isq-library.s3.amazonaws.com/007-information-security-challenge-generic/player.html

Check how the video is used to promote the training here: http://www.securityvitamins.com/sacm

Thanks,

Anup

Information Security Compliance Courses Vs. Awareness Courses

Hi,

Information security awareness content can be split into various categories. Two categories could be “Compliance” and “General Information Security Awareness”. A careful examination of these categories necessitates a discussion of how content developed under these categories must be delivered.

Compliance Courses

These courses have the following features.

1. They are mandatory and must be completed by all

2. Is a requirement as per the law of the land

3. Is best delivered using an LMS (Learning Management System) that can track attendance

4. Usually has a test/ assessment at the end which the learner MUST pass

5. Is best to have a self-printable certificate that the learner can print after PASSING the exam and show as a proof of completion of the course

6. Usually takes anywhere between 15 minutes to 45 minutes to complete

Awareness messages
Before I list the features of awareness messages, it is prudent to ask a question. Are you trying to deliver “awareness messages” like a compliance course. Is that required? What if you have 12 awareness messages spread across the year (one per month)? Do you have the energy, resources, time and money to keep pursuing employees to make them view one course per month?
This is where the following suggestions regarding awareness courses may become very useful.
1. They should be short and crisp – should not take more than 2 to 5 minutes of learning time
2. Try different channels of delivery – screen savers, posters, wall papers, html emailers etc.
3. Make it fun and interactive – You really want the learner to tell you at the water cooler …”hey that security poster was cool!”
4. Don’t chase “completion or mandatory” attendance but try for a positive feel and appreciation of information security around the message
5. Keep delivering regularly (one per month)
Now, if you notice, one compliance course + 12 awareness messages in a year is a good information security training program to have.
To view sample compliance courses and awareness messages, visit – http://www.isqworld.com/security-awareness-samples
Cheers,
Anup

Page 1 of 212