
London Summer 2013

London, United Kingdom | Tue Jul 9 - Tue Jul 16, 2013

MGT433: Securing The Human: Building and Deploying an Effective Security Awareness Program

  •  12 CPEs

Organizations have invested in information security for years now. Unfortunately, almost all of this effort has been focused on technology, with little, if any, effort on the human factor. As a result, the human is now the weakest link. From RSA and Epsilon to Oak Ridge National Labs and Google, the simplest way for cyber attackers to bypass security is to target your employees. One of the most effective ways to secure the human is an active awareness and education program that goes beyond compliance and changes behaviors. In this challenging course you will learn the key concepts and skills to plan, implement, and maintain an effective security awareness program that makes your organization both more secure and compliant. In addition, you will develop metrics to measure the impact of your program and demonstrate its value. Finally, through a series of labs and exercises, you will develop your own project and execution plan, so you can immediately implement your customized awareness program upon returning to your organization.

Course Syllabus
MGT433.1: Planning and Building
Instructor: Tim Harwood
Schedule: Mon Jul 15th, 2013, 9:00 AM - 5:00 PM

CPE/CMU Credits: 6

Topics

  • Defining the elements of risk and their role in awareness
  • Why humans are so vulnerable and how cyber attackers exploit these vulnerabilities
  • Defining awareness, training, and education
  • Getting both management support and a budget
  • Determining strategic issues including: building a steering committee, documenting an awareness policy, developing overall goals, and identifying limitations
  • How to structure a large, enterprise solution that scales for multiple business units
  • How to build a modular program that can adapt to your organization's changing needs
  • Who - Identifying the different targets of your awareness program
  • What - Identifying and prioritizing the topics that will both have the greatest impact for your organization and ensure you are compliant
  • Creating and documenting lesson objectives for each of your topics
 
MGT433.2: Implement and Maintain
Instructor: Tim Harwood
Schedule: Tue Jul 16th, 2013, 9:00 AM - 5:00 PM

CPE/CMU Credits: 6

Topics

  • How - Identify the most effective communication methods for your organization's culture
  • The two different communication methods: Primary and Reinforcement
  • The advantages, disadvantages, and what works for the two different primary methods: instructor-led and computer-based training
  • The options for deploying computer-based training, and their advantages and disadvantages, including use of a Learning Management System (LMS)
  • Different reinforcement methods, including newsletters, posters, and screensavers
  • Leveraging imagery for your awareness program
  • How to present, including ten key steps to success and ten mistakes to avoid
  • Developing an execution plan and execution checklist
  • Designing and using metrics to track both the compliance and the impact of your program, including awareness assessments
  • Updating and improving your program
 
Additional Information
 
Testimonials

"The Who and What of training and awareness is just what I needed to take back home." - David Nix - Department of Energy

"Soup to nuts, this class covers the entire designing, building, deploying and measuring an effective security awareness program." - Chris Sorensen - GE Capital

 
Who Should Attend

  • Security awareness training officers
  • Chief Security Officers (CSOs) and security management
  • Security auditors, governance, and compliance officers
  • Training, human resources and communications staff
  • Organizations regulated by the Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), Family Educational Rights and Privacy Act (FERPA), Payment Card Industry Data Security Standard (PCI DSS), ISO/IEC 27001, Sarbanes-Oxley Act (SOX), or any other compliance-driven standard
  • Anyone responsible for planning, deploying, or maintaining an awareness program
 

Author Statement

After being actively involved in information security for over fifteen years, I have seen one constant factor: employees are the weakest link. What amazes me is that so many people agree on this point, but so few organizations do anything about it. I'm determined to change that. I am extremely excited about Securing the Human, as we provide organizations the skills they need to build an effective awareness program and secure their employees. By securing the human, organizations will not only be fully compliant but be far more secure than they could ever be with technology alone. - Lance Spitzner