MGT438: How to Establish a Security Awareness Program

Security awareness is a never ending process. We must invest in teaching our users what to do and what not to do when using the Internet in order to achieve an acceptable level of risk. MGT438: How to Establish a Security Awareness Program includes certification in SEC351: Computer and Network Security Awareness and a license to teach SEC351 at your organization free for one year, with a reasonable site fee thereafter. This course is based on NIST SP 800-50, "Building an Information Technology Security Awareness and Training Program."

Being able to design, implement, and manage an effective security awareness program is difficult at best. MGT438 walks trainers and security managers through the architecture and design of a successful security awareness program. It helps the student to document and design a clear cut strategy, approach, and implementation plan.

The student will learn how to present the three-hour SANS course Security 351: Computer and Network Security Awareness which teaches people with little or no security experience important concepts and technology that every Internet user should know. Topics include threats, antivirus programs, firewalls, anti-spyware, identity theft, and phishing. SEC351 will raise the students' awareness and offer them the basic skills needed to protect themselves from various threats on the Internet. All MGT438 attendees will study a section of SEC351 and present it to the class. Once certified in SEC351, they will be licensed to teach it.


Note: There is a lot of material to cover and we do not want to throttle discussion in class, this course may run past the scheduled time.

Course Syllabus
  Who Should Attend

  • Trainers
  • Security Managers
  • Anyone responsible for security awareness program

Author Statement

Author Statement

"Awareness is one of those awkward 2,000 pound elephants on the table that everyone sees and nobody wants to talk about. We know awareness is one way to improve security, but we only invest about eight hours of the security person's time to create a 30-minute online presentation, followed by a five-minute comprehension quiz. To be successful, an awareness program needs to target the user behaviors you want to modify, be sensitive to the target populations, and engineer metrics so you can measure success. Anyone can figure this stuff out, but we get busy. MGT438 presents a template for creating and maintaining an awareness program. If you are diligent to complete the labs, you will return to the workplace with a ready-to-go program."

- Stephen Northcutt

*CPE/CMU credits not offered for the SelfStudy delivery method

/ Location
/ Instructor

All OnSite Course of Your Choice Your Choice  

*Course contents may vary depending upon location, see specific event description for details.