Advanced Persistent Training by Jordan Schroeder
Author:Jordan Schroeder
Language: eng
Format: epub
Publisher: Apress, Berkeley, CA
Customize
Customize awareness material as closely as you can to the department, role, or person.
A 2014 Ponemon Research Institute and Security Innovation study (Ponemon, 2014) included a startling fact: few respondents said that they customized their awareness materials to the finance department (only 10 percent did), but many did customize material for the IT department (66 percent). This is a large, overlooked area of potential gains in a program’s effectiveness.
Customizing the material to the audience, even to the person, has a huge impact on attentiveness during training and retention afterward. Every example in training should be customized as much as possible. For example, showing an HR phishing e-mail to the members of the shipping department forces the students not only to try to understand the technical and conceptual points you want them to absorb but also to extrapolate the actual content of the e-mail to their own experience. It can feel like being trained on how HR should respond to phishing e-mails, instead of how they themselves should respond. Showing the shipping department a shipping department phishing e-mail lowers the barrier to identifying with the situation and therefore to understanding it.
Awareness materials should go beyond the department level and be customized to the person. This might be feasible only if you are using computer-based training systems that allow this, but in my experience with the SelfPhish research platform, if the examples use the actual name of the student (instead of John/Jane Doe, for example), attention and retention reach even higher levels.
Lots of customization can be a lot of work, but there are ways to cheat a little. When showing phishing samples, for example, you could use company-wide e-mails or something that might be common to all departments and people. For physical and personal behaviors, you can use a person, role, or department that everyone regularly interacts with, such as reception or the IT help desk, to provide a common experience to leverage.
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Sass and Compass in Action by Wynn Netherland Nathan Weizenbaum Chris Eppstein Brandon Mathis(7787)
Grails in Action by Glen Smith Peter Ledbrook(7700)
Configuring Windows Server Hybrid Advanced Services Exam Ref AZ-801 by Chris Gill(6604)
Azure Containers Explained by Wesley Haakman & Richard Hooper(6592)
Running Windows Containers on AWS by Marcio Morales(6120)
Kotlin in Action by Dmitry Jemerov(5070)
Microsoft 365 Identity and Services Exam Guide MS-100 by Aaron Guilmette(4937)
Combating Crime on the Dark Web by Nearchos Nearchou(4516)
Management Strategies for the Cloud Revolution: How Cloud Computing Is Transforming Business and Why You Can't Afford to Be Left Behind by Charles Babcock(4418)
Microsoft Cybersecurity Architect Exam Ref SC-100 by Dwayne Natwick(4374)
The Ruby Workshop by Akshat Paul Peter Philips Dániel Szabó and Cheyne Wallace(4189)
The Age of Surveillance Capitalism by Shoshana Zuboff(3960)
Python for Security and Networking - Third Edition by José Manuel Ortega(3758)
Learn Windows PowerShell in a Month of Lunches by Don Jones(3512)
The Ultimate Docker Container Book by Schenker Gabriel N.;(3425)
Mastering Python for Networking and Security by José Manuel Ortega(3348)
Mastering Azure Security by Mustafa Toroman and Tom Janetscheck(3336)
Blockchain Basics by Daniel Drescher(3303)
Learn Wireshark by Lisa Bock(3295)
