Three Critical Factors in Building a Comprehensive Security Awareness Program

Download the research paper

Full Name

Business Email

Job Title

No. of Employees

Phone Number

Comments

The personal information that you provide to us in this form will only ever be used by MetaCompliance (as the Data Controller) for the following specifically defined purposes:

email you content that you have requested from us
with your consent, occasionally email you with targeted information regarding our service offerings
continually honour any opt-out request you submit in the future
comply with any of our legal and/or regulatory obligations

For further details see our Privacy Policy.

Research by Gartner.

Discover Three Critical Factors in Building a Comprehensive Security Awareness Program.

Key Challenges

Most people forget the majority of what is presented in a training program that occurs infrequently.
Interactive simulations produce higher levels of skills retention than the mere presentation of recommended security actions, but they are difficult to measure compared to other awareness metrics.
Audiences are bored by education programs that fail to leverage a variety of media and content styles.

Recommendations

Security and risk management leaders overseeing an information security program should:

Assess the culture of the enterprise to determine requirements for the specific messaging, delivery and frequency of security awareness information that will ensure consistent, desirable behavior.
Leverage an attack simulation product, such as a phishing simulation program, to help identify key pockets of risk within the enterprise audience, deliver social engineering attacks and provide just-in-time training and teachable moments.
Use communications and marketing tools for ongoing reinforcement of good behaviors and to keep security top-of-mind. Consider building a communications campaign with a mix of digital banners, web events and messaging on techniques to help reinforce lessons.