One of the challenges organizations face with an awareness program is determining which topics to teach. Once you start researching all the different behaviors you want to change, you can develop quite a long laundry list. It would be great if we could teach end users everything we want, but that is often not practical. End users can only be trained on, and remember, so much. You only have so many resources and so much time to communicate. These and other factors limit the number of topics you can cover in your awareness program. Over the next couple of weeks I'll be covering what I feel are the ten most important topics, why I feel they are important, and some of the key behaviors we want to change for each topic. My goal is to create a starting point for organizations, a way you can quickly jump-start your awareness program so that it is both compliant and reduces risk. Based on my experience, I feel these are the top ten topics, in this order.

  1. You Are The Target
  2. Social Engineering
  3. Email and IM
  4. Social Networking
  5. Browsers
  6. Passwords
  7. Encryption
  8. Smartphones / Mobile Devices
  9. Monitoring / AUP
  10. Hacked

In the next post I'll start with You Are The Target. I'll explain what this is, why I feel it is so important, and the key lessons we want to teach. I'm also very interested in the community's feedback, especially if you disagree on a certain topic and why.