The Brave New World of InfoSec
About this Blog:
A seasoned security pro's take on events around the world.
Training and Awareness Based upon Age and Learning Styles
The head of HR is looking for you to summarize your thoughts about the integration of policy-presentation styles and security-awareness strategies for CIO? Board meeting is coming up and you need to get your messaging together. Maybe this will help:
-----
Let me explain my thoughts on aligning policy with awareness in a cohesive series of delivery medium.
It is my desire to inform and motivate employees through multiple formal and informal communications channels of various formats running in parallel that are focused on our policies while staying abreast of daily information security events. We intend to do this through the monthly circulation of timely information that caters to each learning style and age group.
We teamed with Corporate Training to analyze our current delivery mechanisms against learning styles and demographics. We were able to determine the fastest growing demographic segments within the company as compared to their particular traits. We can make assumptions concerning this data relative to the types of awareness programs we need to initiate and to the types of policies we need to establish or update.
We’ve also examined learning styles and hope to incorporate these approaches.
As we continue to hire Millennials and Generation X personnel, the level of technical expertise increases while the types of communication tools change. In order to engage these employees, we intend to deliver awareness on policies through the both new and more traditional medium:
Blogs
Wikis
Podcasts
Text Messaging (Twitter and Tweets)
Vodcasts
Instant Messaging
eBooks
crowdSourcing
Flickr
Facebook
RSS Feeds
Webinars
Seminars
Webcasts
Interactive online courseware
Posters
Pamphlets
Email
Intranet
Mashups
The ability to deliver messaging in media that Millennials and Generation X employees prefer is a growth area. We intend to establish a high level of awareness creating momentum while sticking to an individual topic each month, seizing the opportunity to expand and contract as appropriate to each audience via multiple media options. We are examining solutions for a ‘create once publish many’ infrastructure enabling accurate and pointed messaging covering a broad range of topics from different perspectives, incorporating current security risks and topical news both within the company and in the marketplace.
We also intend on rewarding proper behavior surrounding identification and communication of issues. We are nearly ready to present the rewards program proposal to you for review prior to submission.
We see security policies as a method to communicate the corporate consensus of judgment that defines appropriate behavior for our employees. As per our recent discussion, this provides Human Resources the ability to act in response to inappropriate behaviors executing appropriate sanctions that are fair and within legal bounds since prosecution without policies can be problematic.
Through branding and integration of all medium into a coherent, consistent and instantly recognizable policy-based, campaign theme, we envision cultural change while reducing security risks. Not to be entrenched in a standard monthly message, we are working with the Help Desk to quickly identify security issues as they are logged using Blogs, RSS feeds and Twitters as methods to maintain internal issue currency.
We are establishing a Policy and Awareness Council that demographically represents the company. We are greatly interested in your participation as a co-chair for this council. I look forward to your feedback.
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
WHITE PAPER
Reduce Email Archives up to 60%
Are you considering implementing a proactive archiving and eDiscovery solutions? This paper summarizes 15 separate soft cost savings when implementing Symantec Enterprise Vault and the Clearwell eDiscovery Platform.
WHITE PAPER
Aberdeen Report: To Patch, or Not to Patch? (Not If, But How)
The report explores the correlation between the current use of patch management and the level of endpoint-related risk that companies are effectively accepting.
Recent Comments
Webcasts
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- FireEye Advanced Threat Protection KnowledgeVault
- Five Tips to Consider in a Data Security Strategy for Smartphones and Tablets
- Moving Your Email to the Trusted Cloud
- Comprehensive Server Protection
White Papers
