Process

Our Information Security Training Process in a Nutshell

01. Identification of Your “Why”
The first step of our program is to discover the rationale behind your information security training initiative. We work with you and the other stakeholders to find out how information security can both enable and propel your business goals. Then, we identify how any breakdown in your information security posture can obstruct your organisation’s path forward.

Here are just a few of the questions we ask when finding out your “why”:

- Did you recently have a “near miss” security incident in your organisation?
- Are you afraid that a human error related to information security might lead to data-stealing malware being installed on your systems, resulting in a high-profile data breach?
- Are you concerned that some end-users might have unencrypted devices which could get lost or stolen, leading to a breach?
- Are your stakeholders concerned about a cyber breach?

Once we identify why you need information security training, we can begin to develop a relevant and specific outcome for your organisation.

02. Discovery of your organisational goals and desired behaviour changes

Collaboration is the cornerstone of our training process. We work with staff, IT management and other key users in order to gain insights into both current and future organisational challenges. We also look for the most probable ways that human error could lead to data breaches or cyberattacks within your organisation.

03. Develop and agree on training metrics
We tailor our information security training process to the unique needs of your organisation. That’s why we work with you to develop an agreed set of metrics that will help to define the program’s success. Everything from instructional design to evaluation tools is built collaboratively to improve end-user security behaviours.

We’ll go over:

- The areas of information security that require more employee awareness.
- The right tools for measuring behaviour change, both before and after training.
- What criteria can be used to measure success, and how these metrics may change as a result of evolving information security threats.

The most important part of this stage is building the evaluation metrics around the outcomes that your organisation needs to be better equipped to handle cybersecurity challenges.

04. Designing effective learning interventions to improve the IT security awareness and behaviour of employees
This stage begins with an assessment of the background, skills, and current IT security awareness and behaviours of your employees. We do this to make sure that the training is relevant and engaging to everyone involved.

In getting to know your employees, and how well equipped they are to handle information security challenges, we:

- Administer a pre-training assessment to establish a knowledge baseline.
- Ask participants questions that are related to the information security issues they face on a daily basis.
- Use “what if” scenarios to gauge how employees would respond to a cybersecurity crisis.
- Identify which employees are suited to play the role of a security champion within your organisation.

The pre-training evaluation process encourages participants to reflect on their own security habits while making them more receptive to future learning.

Our training is tailored according to the risk profile, work role, department and industry sector of the audience.

Every department and work role within your organisation has different needs and objectives. When it comes to information security awareness training, a one-size learning program rarely fits all. Our training program is tailored to the risk profile and IT proficiency of participants. Where possible, we use information security case studies and scenarios which reflect the work roles or industry sector of the audience. Compared to generic case studies or scenarios, these have a greater resonance as participants can visualise themselves in key moments where security decisions have to be made. After the program, participants should be able to make much more informed information security decisions.

05. Training Delivery

One-size-fits-all approaches to training and knowledge retention never work. That’s why we deliver our information security training using mediums that are tailored to the audience.

Our training can be delivered via:

- E-learning
- Instructor-led face-to-face training
- Blended approaches (which combine e-learning and instructor-led approaches)

Though each training module may require a variety of mediums for maximum transfer effect, we work within your geographic and budgetary constraints to deliver an effective program.

E-learning

Our e-learning platform offers your organisation an efficient way to deliver security awareness content to employees. Our e-learning is facilitated by:

- Videos
- Quick reference guides
- Security checklists
- Copies of presentations
- Curated weblinks
- Knowledge assessment (quizzes etc.)
- Scenario-based learning

Customisable

- Our e-learning content is customisable with your logo or branding.
- Your organisation’s IT security policy and AUP can be easily uploaded.
- Course modules may be mixed and matched.
- It is designed according to either the employee role or department.

Easy to access and administer

- Our content is easily accessible with a smartphone, tablet or PC, and is available at a time and place which suits your employees.
- It is also easy to administer using a central control panel.

Hosting Options

- The courses can be hosted on the SecureClick learning management system or hosted on your organisation’s LMS.
- Easy to manage and administer.

Reporting

- Pre-training and post-training baselines are used.
- Our e-learning platforms provide comprehensive reporting that can be consolidated into a single report, giving you an overview of the program’s effectiveness.

Instructor-led (face-to-face training)

We offer on-site information security and privacy training at your workplace. Alternatively, you can select an off-site location that is convenient for your organisation.

Our instructor-led training includes:

- Storytelling – to bring abstract security concepts to life.
- Scenario-based learning – to challenge participants and to encourage them to put their learning into practice.
- Group discussion and challenges on information security – to allow for shared insights, mutual support and a degree of peer pressure!
- Q&A sessions to enable participants to clarify meaning and obtain answers to any specific information security questions.
- Practical assignments – to test comprehension.

Supplemental Materials and Instruction

One of our training goals is to help your organisation develop a repository of information security training materials. We supplement the training process with relevant materials that your employees can continue to use as a reference point during their day-to-day working routines. These materials include:

- Easy access reference guides
- Security checklists
- Articles
- Infographics and other forms of data communication
- Posters and printed materials that give additional depth to the topics that are discussed in training
- Email briefs that warn about the current threats in circulation

These are updated regularly to highlight current threats and reinforce specific topics.

Our information security program incorporates some of the latest thinking on workplace learning to ensure that you achieve the best possible results and ROI.

Gamification

Our information security awareness program uses elements of gaming, such as progress bars, competition, challenges, rewards and dashboards that show learners and management how your program is progressing.

Participant self-reporting

Our learning process encourages participants to report on what they have learnt and how they are applying their new learnings on information security and privacy to their workflow. This reporting is facilitated by our e-learning platform.

Spaced-Learning (Micro-learning)

The latest academic research into workplace learning has shown that humans learn best when content is delivered over spaced intervals and continually reinforced. Our security awareness content can be delivered via the learning management system or via our email briefings over a sustained time frame rather than all in one burst. Likewise, we can provide instructor-led security awareness refresher courses at regular intervals.

Putting information security training into practice

We’ve made a discovery while delivering training courses to teams of all sizes and backgrounds that probably won’t surprise you: practice is what separates average performers from the world-class ones. Recent research from every field of human endeavour, from medicine to sports and chess, corroborates this.

Knowing this, we give participants sufficient time to apply meaningful, technique-driven practice to their newly learnt skills and provide constructive feedback on their performance. Our training takes the form of:

- Scenario-based learning
- Hands-on guided workshops
- Quizzes
- Games
- Simulations

Participants are presented with real-life information security risks, such as identifying non-compliant security behaviours in their office environment or simulating what occurs during a successful phishing attack.

Feedback

Anybody who has ever worn a personal fitness tracker knows first-hand how powerful feedback can be when it comes to influencing behaviour. Feedback is essential for improvement. We provide feedback to reinforce positive security behaviours and correct negative ones. This is provided during our on-site workshops, through our learning management system or on a one-to-one basis.

06. Post-training Maintenance

Effective learning is not a one-off event. We actively manage the follow-through process to ensure that participants apply their learning to their workflows by setting expectations, issuing reminders, ensuring accountability and providing support. This is facilitated by on-site workshops, our e-learning system, interactive videos, email briefings and printed materials.

A clear schedule of post-instruction events is distributed to learners and managers.

07. Program Reporting

Your organisation needs relevant and reliable data to make informed decisions about resource allocation. We provide concise, fact-filled, no-nonsense reports that provide you with an accurate overview of the program’s effectiveness.

These reports detail the successes (and failures) of behaviour change in end-users by using predefined metrics.

- Full evaluation methodology is provided.
- Pre-training baseline versus post-training comparisons.
- Success stories that illustrate behaviour change.

Actionable insights are provided to aid the further improvement of information security practices.
