All too often, I hear about security awareness training programs that fail. Here are some of the reasons that I hear:
- The information that they contain is inappropriate for the audience (usually far too complex).
- The presentation of the information is dull or dry.
- The program is too expensive to run on an ongoing basis.
- Students don’t have enough time to take the training.
- The program doesn’t fit with other training initiatives in the organization.
I’m not going to try to rank these in any kind of order. But, over my next few posts, I’m going to look at each of these in turn, try to identify the pitfalls, and give you some suggestions that may help you avoid them.
Hi Steve. I realize I’m preempting your series of postings on this but I’m confused from the off. Are you talking about training courses, security awareness programs, or something else? Seems to me that “awareness training” blends two quite distinct concepts, with different goals and approaches …
Hi Gary
Apologies for the delayed response. I’m aiming to talk about what most of our clients would call “security awareness training” which – as you know – is generally a blend of “awareness” and “training”, rather than differentiate between the two concepts for reasons that I’ve tried to explain in this new post.
Steve