Category Archives: Education

Pass IT On – a Great, and Security-Aware, Program

Posted on October 20, 2010 by Steve Addison

I recently heard about Pass IT On – an initiative designed to help some of the 10 million “digitally excluded” people in the UK get online. The idea is to help people to help their own friends and family get … Continue reading

Posted in Education | 2 Comments

4 Easy Steps to Outline Your Security Awareness Class

Posted on October 15, 2010 by Steve Addison

You’ve been asked to prepare a security awareness training session to be presented in a classroom, or a staff meeting, or online as a webinar … and you don’t know where to start. Here’s a simple 4-step process that might … Continue reading

Posted in Education | 1 Comment

The Duhs of Security – A Free Security Awareness Video

Posted on October 12, 2010 by Steve Addison

The Commonwealth of Virginia posted a nice security awareness video to YouTube. The video makes good use of humor incorporating impressions of celebrities (Arnold Schwarzenegger, Jack Nicholson …) but it doesn’t distract from the content. You could send out the … Continue reading

Posted in Education, Information Security | Leave a comment

Copyright in Security Awareness Training Materials

Posted on October 9, 2010 by Steve Addison

If you’re encouraging best practices, don’t weaken your message by breaking the law. Every now and then, I see a security awareness training presentation that makes extensive use of material from other sources – usually images and/or text copied from … Continue reading

Posted in Education | 1 Comment

Security Awareness and Social Networks: Why You Should Care, and What You Should Teach

Posted on June 21, 2010 by Steve Addison

You might have been avoiding it until now – thinking that social networking (Facebook, MySpace, LinkedIn …) is just a passing trend, or it’s only used by teenagers, or people only use it to exchange photos and jokes. But, if … Continue reading

Posted in Education, Information Security | 2 Comments

Poor Delivery – 5 Reasons Why Security Awareness Training Programs Fail – Part 2

Posted on May 11, 2010 by Steve Addison

You can have the best content in the world – well-written and illustrated, perfectly aimed at your target audience … – and your program will still fail if the delivery is poor. Whether it’s a boring presentation in the classroom, … Continue reading

Posted in Education, Information Security | 2 Comments

If You’re Going to Use PowerPoint

Posted on April 27, 2010 by Steve Addison

If you’re going to use PowerPoint to present security awareness training to a class of students, or perhaps to make a business case to your senior management, here are some suggestions from Seth Godin about how to make the best … Continue reading

Posted in Education | Leave a comment

Don’t Get Bogged Down in “How To”

Posted on April 21, 2010 by Steve Addison

When creating security awareness training materials, it’s tempting to explain to students exactly how they should scan a file for viruses, the steps to take to check an SSL certificate, how to examine the headers of an email … Don’t. … Continue reading

Posted in Education | Leave a comment

The Wrong Content – 5 Reasons Why Security Awareness Training Programs Fail – Part 1

Posted on April 16, 2010 by Steve Addison

In my experience, one of the most common ways that security awareness training programs fail is that the content of the awareness/training materials is wrong for the target audience. The mention of the audience is important here – what’s appropriate … Continue reading

Posted in Education, Information Security | 2 Comments

Awareness, Training, and the Four-Stage Learning Model

Posted on March 31, 2010 by Steve Addison

In some guidance documents (e.g., NIST SP800-16), you’ll find a distinction drawn between “awareness” and “training” even though most of us use the words together when talking about education of end-users. There’s actually a good theoretical basis for differentiating between … Continue reading

Posted in Education | 1 Comment