At Securing The Human we recently released the latest version of our EndUser security awareness training. Technology, threats and standards are constantly changing, so to should your awareness content. With this release we have several new updates and changes that benefit you and your organization. You can find the full details of all 43 training modules and the changes in our 2013 December Module Descriptions matrix.
- New Modules: We added two new modules to our training library; International Travel and Australian Compliance.
- Updates: We had minor updates for six of our modules. Minor updates usually include adding a new learning objective, updating an example or improving wording to make the content easier to understand.
- Re-writes: We completely re-wrote seven of our existing training modules. The biggest change was simplifying our most popular compliance modules (PCIDSS, HIPAA, PII, GLBA). We found that even though each standard protected different types of data, they shared many of the same security controls. We combined the common controls into our Data Security module. That way people view these commonly shared controls only once and the compliance modules then cover only what is specific or unique to that standard. This eliminated over 8 minutes of redundant content, saving your organization time and money.
- Core: We now have 43 modules in our training library. One of our concerns is we are seeing some organizations use most or all of these modules. For effective training to have an impact, the fewer modules you use, the more likely people will retain the information and change behaviors. The challenge then becomes identifying which modules should be used. To give organizations a starting point, we worked with our Board of Advisors to identify the top 9 most common human risks and their corresponding modules. We then identified this as a common core. We are not saying you must use this core list, but if you are not sure where to start, we have done most of the hard work for you.
About the Author
Lance Spitzner
Director, SANS Security Awareness
Lance Spitzner has over 20 years of security experience in cyber threat research, security architecture, awareness and training. He helped pioneer the fields of deception and cyber intelligence and founded the Honeynet Project. In addition, Lance has published three security books, consulted in over 25 countries and helped over 350 organizations build programs to manage their human risk. Lance is a frequent presenter, serial tweeter ( @lspitzner ) and works on numerous community security projects. Mr. Spitzner served as an armor officer in the Army's Rapid Deployment Force and earned his MBA from the University of Illinois.