The process of constructing a security training program inside an organization involves:
i. Program Scope, Goals, and Objectives [5]
Security training policies that clearly outline the scope, goals, objectives, and enforcement should be written.
ii. Identify Training Staff
Choose staff from diverse teams (management, security, communications, HR, web applications, media developers, etc.) who are experienced and/or have undergone training to form the training staff.
iii. Target Audience [5]
The training program can have different modules: a generic one for all staff, and specialized, fine-grained ones for specific groups.
iv. Motivate Management and Employees
Upper management needs to be “in” with the plan so that it can be pushed effectively to all employees, by making it mandatory and/or by allocating regular time slots for the training. Employees need to be motivated to attend the training.
v. Administer the Program [5]
The program should have “high visibility.” [5] The selection of the training topics should be based on the “organization’s needs specific to the targeted audience.” [5]
vi. Maintain the Program [5]
The curriculum should be continually updated. Computer technology changes constantly and “requires that training personnel are briefed and recertified frequently in order to keep up with the pace of rapid change in their fields of study.” [5]
vii. Evaluate the Program
Evaluating the users’ knowledge and testing the effectiveness of the training is important. The program should also invite feedback, which serves as crucial input for the next cycle of training.
Four resources that can be consulted to ensure the training material is adequate and current are:
- SANS Securing The Human: http://securingthehuman.sans.org/resources
- US-CERT: https://www.us-cert.gov/security-publications/protect-your-workforce-campaign#work
- Wombat Security Technologies: https://www.wombatsecurity.com/security-education/free-security-awareness-resources
- SOPHOS: https://www.sophos.com/en-us/security-news-trends/it-security-dos-and-donts/training-tools.aspx