One of the most common questions I get working on security awareness programs is "What is an LMS and why do I care?" Let's take a moment and answer that question. Most security programs have two shared goals. The first goal is to change the behaviors of employees to create a more secure environment. If employees are aware that they are a target and know what they can do to protect themselves, organizations will be less likely to be compromised. The second goal is compliance: meeting certain standards or regulations that require an awareness program, such as PCI DSS or ISO 27001. Such standards require organizations to prove they have an active awareness program and to document which employees have been through the training. This is where an LMS comes in.

An LMS (Learning Management System) is really nothing more than a software application used to manage, distribute and track online training. Organizations take their security training videos and load them into their LMS (or one hosted by someone else). Each employee is then given a login and password to the LMS and is required to log in to take the training. As a result, organizations can track who took what training and when, and, if there are quizzes, what the employee's score was and whether they passed. That's it. Some LMSs have far more advanced functionality (such as offering courseware at universities), but for the world of security awareness this is usually what I see it used for. There are many different vendors of LMS software (including open source versions). To ensure interoperability they all share a standard called SCORM. If you are considering using an LMS, make sure your security training is SCORM compliant.

Still confused or want to try out an LMS? Just shoot me an email and I'll be happy to give you an LMS account to try.