Security Awareness is not enough
Many IT security training programmes are called security awareness campaigns. Security awareness is the term used to describe the human-factors side of IT security and everything related to training.
However, awareness is not enough. You don't want your users merely to be aware of security problems; you want them to act in a security-competent way.
Unfortunately, a lot of managers and CISOs lack the psychological background needed to conduct an effective and efficient training programme. And a lot of vendors sell outdated, simplistically structured awareness campaigns stuck in the primitive behaviourist psychology of the 1950s.
This talk will show you how to design an effective and efficient, and therefore successful, IT security training campaign.
It will not be limited to just awareness, but instead will use the model of security competence, a model we developed from the latest didactical design methods used in the German technical vocational training and education system.
It is designed to enable the trainees to understand how IT works and how IT security problems can occur. Additionally, it trains the trainees to act autonomously and to improve themselves so that their skills stay up to date.
I will show in this talk how you can make use of the latest psychological research and design sustainable, effective and efficient training programmes.
Some of the key points are:
- Why awareness is not enough
- How to use modern didactical methods
- How to use the model of security competent action
- How to design a training programme
- How to train your users sustainably, effectively and efficiently
- How to test and measure your training programme