Have you ever wondered what key items to look for in an information security awareness training (ISAT) program? Recently our CEO Larry Cates was interviewed by Info Security Products Guide for their executive interviews, and he discussed this topic with Rake Narang from the ISPG team.

Here are my three favorite points from the interview.

  1. Learning is not a one-time event, and therefore you need to provide continuous learning in order to actively engage your audience. Your program should consider options that provide multiple touch points in your campaign: general awareness courses, role-based courses, topical videos, security newsletters, themed posters, email campaigns and more.
  2. The absence of relevant and scenario-based training to engage the user is a critical misstep in conducting an effective program.
  3. Specific course topics should focus on individual responsibility and include: phishing, mobile security, passwords, identity theft, social engineering, portable devices, data security, network security and physical security.