Blog Detail
Security Awareness Training
http://www.terranovasite.com/blog/
Terranova provides a comprehensive set of information security training and awareness tools that positively change security behavior. Built on industry best practices, TerraNova’s products help create a secure working environment
Recent Posts
The Year’s Most Hacked Software
http://www.forbes.com/2009/12/10/adobe-hackers-microsoft-technology-cio-network-software.html Forbes recently compiled a list of the seven Most-Hacked software titles for 2009. They took a survey of security professionals from various companies inc...
Learning to tie your shoes
I purchased a new pair of runners for my 7 year old and these had laces. I had taught him to tie his shoes in Kindergarten but with most of the shoes and boots having velcro, I did not realize that the lesson taught in Kindergarten did not stick. I w...
Can we look at a new paradigm for teaching security awareness?
At schools and colleges across the country and around the world, the use of the Internet and Web for learning and teaching is causing a major change in the landscape of education. Building upon decades of computer networking activities (e.g. e-mail a...
Data Theft on the Rise
The temptation of stealing corporate data on the way out of a job has reached a fever pitch this year as the recession continued and job losses mounted, according to a new survey from data security company Cyber-Ark. While 85 percent of respondents ...
The Business Case for Data Protection
Newly released research reveals that while C-level executives feel that good data protection efforts support organizational goals such as compliance, reputation management or customer trust, there is a lack of confidence in the ability to safeguard s...
Social Media Security Policy
According to a recent CSO online survey, "just under ten percent of respondent enterprises said their social media policy was fully implemented and communicated in 2008. That jumped to 34 percent in 2009, with another third responding that they had ...
Responsibility for development, maintenance and management of corporate Security Awareness Training has always been pushed down to the IT security practitioner. The biggest problem with this is - the security staff is probably the least qualified in instructional design methodologies and often produces bland content or content that is way over the heads of the average non-IT worker. We at SCIPP International realized this when we brought 22 of the world's most renowned security luminaries together to formulate an internationally recognized set of best business practices for SAT and then engaged both psychometricions and the core staff who creates and teaches the official (ISC)2 training. It was quite interesting to see the evolution of what would eventually become our courseware. The luminaries decided on the curriculum, but the professional course development teams decided how it should be delivered to achieve maximum behavior modification. A good example is - Instead of telling the audience what mandated criteria a password must contain, they decided that the best way to change behavior was to demonstrate the creation of an easy to remember, but hard to break password. In other words, applied learning. Users report back saying that once they review the course, they now understand how to apply good security practices - that's huge!!! So, net-net...If you're a security guru and not a graphics designer, a copy writer, an instructional design pro and fully understand the art and science of psychometrics - leave the creation of your security awareness program to those who are.
Posted: September 4th, 2009 | Report This Comment