Engage! Creating a Meaningful Security Awareness Program


Published on

Presentation given by Cherry Delaney and Ben Woelk at the EDUCAUSE Security Professionals 2012 conference in Indianapolis on May 17, 2012

1 Like
  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Purdue University located in West Lafayette, IN. We are the land grant university of Indiana. We have 75,000 students across all campuses, about 40,000 at West Lafayette. We have over half a million graduates cumulative from 1874 to 2011. Men are a higher percentage than women but by only 6% points – a big change from earlier days. We have a large population of international students, both undergraduate and graduate students.
  • What’s the best vehicle? Paper: Brochures, advertisements Digital: online sites, RSS links to website Social media: Facebook, Twitter, LinkedIn Video: YouTube In person: presentations, information fairs All of the above!
  • Build relationships Involve others to help deliver the message Build strong relationships, engage influencers, and nurture those connections. What are the key relationships YOU need to have market your community effectively? Establish Partnerships Sister organizations Develop relationships to work your message into as many groups as possible (LinkedIn)
  • We added this component because not everyone that lands in this position of security awareness has a background in training and we had heard from some that it might be useful. Before I commit a lot of time to discussing this, please let me know if you feel this will be valuable or what aspects would be most beneficial for me to talk about? I enjoy developing relevant training but hate how sometimes it is so rushed that it is set up to fail – then all of training gets a bad rap.
  • Everyone says we need training. That will take care of the problem. Great. So what is it that needs fixed? What is the knowledge gap? What behavior, when exhibited, solves the problem? What is the behavior that causes the problem? How will we evaluate that the training is considered successful? We have a process for assessing what needs to be done to create relevant training.
  • The URL shows where I borrowed the graphic from and provides further information about This model exemplifies the process we go through to decide how to build relevant training that should be successful. It is a fluid process of testing ideas, getting input for what needs to be trained, designing, developing, piloting, and finally implementing. It is not finished when the training concludes – there needs to be ongoing evaluation of the relevance and effectiveness of the training. ISD – stands for Instructional Systems Design
  • Who needs to be at the table – administrators so they support the training and time for staff to be trained – examples of set up to fail: Outlook training mandated for all employees – we cater to train them closer to their offices. We are inconvenienced doing this – using laptops we don’t own and have not configured, to an audience who was pretty much told to just show up and take the training. One professor asked what the software did? One older lady just sat there refusing to learn it. Next instance, the team was working together really well. The administration was balking at taking the next step – the training was tested, piloted, ready to go – administration decided to bail it entirely – 2 years later, the software was back on the table. Access training – developed it as a progression of developing one database – was the preferred method students liked. We bought a package and it was badly developed for Access. Outlook training – techie’s wouldn’t want it was the assumption but they really didn’t want to figure another tool out and would gladly come to a 2 hour training to learn everything they needed.
  • The course objectives should flow from the assessment findings of gap analysis. What needs to be taught and where are the staff currently in their knowledge? How many people need to learn? Is everyone at the same place or are there remedial training needs, basic updating of knowledge and advanced knowledge staff? It is always hardest to try and train everyone at the same level when you have staff with very disparate knowledge. Access training was clearly an advanced course but we would have mouse challenged users in the group. Police dept was moving to using laptops in the patrol cars so they needed to be training on how to use computers – we offered to train them in the evening and worked our schedule around theirs.
  • Active learning creates an environment that engages the students in discovering their own learning process. They seek the answers out and implement the solutions – then may find another problem to solve before reaching the final conclusion. We have a high school student staying with us whose math assignment is to create the final exam schedule for the high school/jr. High She is taking discreet math and needs to apply it to solve the problem of exam schedules, keeping several test rooms in proximity for the teacher to visit each classroom for questions without having to go up and down stairs. He also wants them to create a template for following years to use. This is a great way to transfer the learning to the students in a way that will stay with them after class is done.
  • I piloted my access series and with students asking questions I hadn’t asked, found some new areas that needed to be included in the training. I tweaked the manuals as we piloted the materials – it was very engaging for me and the product was far superior for the added input of the students. I was lucky to have some very bright people to work with. Good timing – not Monday morning, Friday afternoon, near a holiday, or beginning of school.
  • Engage! Creating a Meaningful Security Awareness Program

    1. 1. Engage! Creating a Meaningful Security Awareness ProgramBen Woelk Rochester Institute of TechnologyCherry Delaney Purdue University Powerpoint Templates Page 1
    2. 2. Introductions Speakers Seminar Participants Powerpoint Templates Page 2
    3. 3. Seminar Overview A. Planning C. Integrating Formalized Training E.Implementation Workshop Powerpoint Templates Page 3
    4. 4. Marketing communications are foundationalto increasing your department’s reach andenergizing your fan base. Powerpoint Templates Page 4
    5. 5. COMMUNICATIONS PLANNING Powerpoint Templates Page 5
    6. 6. Why plan?• Systematic approach• Repeatable• Set and achieve goals• Be proactive• Be strategy driven, not event driven• Strategic plan drives marketing/communications plan Powerpoint Templates Page 6
    7. 7. Components of a Plan• Audience analysis• Key messages• Communications channels• Calendar of promotions• Develop relationships Powerpoint Templates Page 7
    8. 8. Audience Analysis• Who are your audiences?• How do they communicate now? Powerpoint Templates Page 8
    9. 9. Key Messages• What you’ll communicate – Value proposition – Vectors of differentiation • Why should they care about your community?• How you’ll communicate • Use credible sources • Keep your messages short and simple Powerpoint Templates Page 9
    10. 10. Communications Channels• What’s the best vehicle? Powerpoint Templates Page 10
    11. 11. When to Deliver the Message• Timing is important • Leverage opportunities • Reuse content • Calendar of promotions Powerpoint Templates Page 11
    12. 12. Key Relationships• Build relationships• Establish partnerships Powerpoint Templates Page 12
    13. 13. Implement the Plan• Get feedback• Follow calendar of communications, but don’t miss opportunities.• Develop processes Powerpoint Templates Page 13
    14. 14. Evaluate and Make Mid-Course Corrections• You will make mistakes• Don’t be afraid to make a change• Did it make a difference? • Ways to evaluate – Surveys – Analytics From austinevan Powerpoint Templates Page 14
    15. 15. Integrating Social Media:Which channels and for what purposes Facebook Google+ Twitter Blogs Social media plugins ?? Powerpoint Templates Page 15
    16. 16. Integrating Social Media Administrative requirements for using social media – Policies? » Branding? – Automation – Dashboards » HootSuite » Tweetdeck Powerpoint Templates Page 16
    17. 17. Facebook• Characteristics – Timeline – Need admin – How to get followers• Decisions – Page or Group?• Examples Powerpoint Templates Page 17
    18. 18. Twitter• Characteristics• Decisions• Examples Powerpoint Templates Page 18
    19. 19. Blog• Characteristics• Decisions• Examples Powerpoint Templates Page 19
    20. 20. Google+• Characteristics• Decisions• Examples Powerpoint Templates Page 20
    21. 21. Other options• FourSquare• Pintrest?• Email Powerpoint Templates Page 21
    22. 22. Managing Social Media• Dashboards – Tweetdeck – HootSuite – “Auto-tweets” Powerpoint Templates Page 22
    23. 23. INTEGRATING FORMALIZEDTRAINING Powerpoint Templates Page 23
    24. 24. Integrating Formalized Training • Analysis: Is the performance problem a training problem? • How will implementing training positively impact a business need or goal? • What must the learners be able to do in order to ensure the required change in performance? Powerpoint Templates Page 24
    25. 25. Basic Design Principles http://www.nwlink.com/~donclark/hrd/learning_environment_f ramework.html Powerpoint Templates Page 25
    26. 26. Assessment• Determine where is the gap in knowledge• What is the goal of the training – Who is the audience – What needs to be taught/learned – Who needs to be at the table discussing the training – Important to schedule the training time for employees – Audience analysis – what are the preferred learning styles of the students – How will instruction occur? Instructor led- where/when? Online tutorials – where will you host/manage/record? Powerpoint Templates Page 26
    27. 27. Course Objectives• What key things need to be taught?• Will there be pre-instructional activities? What are they?• How many sessions will you need to present the material? How will you chunk the material?• When will the training occur – daytime, nighttime, on their “own” time? Powerpoint Templates Page 27
    28. 28. Design Instruction• Instructor led• Tutorial – online style• Distance learning – combination of the above Powerpoint Templates Page 28
    29. 29. Instructional Material Development• If instructor led training – will you use PowerPoint, media, duct tape, computer cards?• If online? what tools to use - Captivate, InDesign, PowerPoint, YouTube?• Text materials - what is most important- make it concise, easy to read, clear to understand - think about how easy updating it will be, who will own the materials?• Will you need to use a subject matter expert to define content and evaluate structure of learning? Powerpoint Templates Page 29
    30. 30. Development• What activities will best bring about the required performance? – How do you engage the students? – What will transfer the learning best to the students in the most efficient manner? Powerpoint Templates Page 30
    31. 31. Implementation• It is best to pilot the training to make sure it flows, is clear and tested for effectiveness. See what works, what doesn’t. Make changes and test again.• Schedule the implementation with key stake holders – good training, bad timing, not so effective Powerpoint Templates Page 31
    32. 32. Evaluation• How will you evaluate the success of the training?• How do you test the transfer of knowledge as a result of training?• Test students or make them perform specific actions? Powerpoint Templates Page 32
    33. 33. Five Main Purposes of Evaluation1. Feedback- linking learning outcomes to objectives – providing quality control2. Control – consider organizational culture and most effective means to transfer information3. Research – determine relationship between training and transfer of training to the job4. Intervention- the results of the evaluation influence the context in which it is occurring5. Power Games – manipulating evaluative data for organizational politics. Powerpoint Templates Page 33
    34. 34. Managing the Training• Who updates it, schedules it, registers folks or makes sure they completed training if online?• Do you have an Learning Management System? How will you integrate your training into it? Powerpoint Templates Page 34
    35. 35. Integrating Video•Topics – event driven,seasonally driven•Costs - $3000 - $4000 forprofessional product•Resources needed – iPhonehas video, video cameraswidely owned Powerpoint Templates Page 35
    36. 36. Integrating Video continued• Branding – keep the professional image of the university/department• Timeline – plan in advance• Creative control – micro manage or give creative license to artists Powerpoint Templates Page 36
    37. 37. Educause Video/PosterWinners Powerpoint Templates Page 37
    38. 38. Educause Video/PosterWinners Powerpoint Templates Page 38
    39. 39. Educause Video/Poster Winners Powerpoint Templates Page 39
    40. 40. Educause http://www.youtube.com/watch? v=XrIPZi4fnRc&list=PLCD6AD23B84CAC7video 5A&index=1&feature=plpp_videowinners Powerpoint Templates Page 40
    41. 41. http://security.rit.edu/dsd/awareness.html Powerpoint Templates Page 41
    42. 42. http://www.purdue.edu/securepurdue/ Powerpoint Templates Page 42
    43. 43. http://www.baylor.edu/its/index.php?id=39967 Powerpoint Templates Page 43
    44. 44. Powerpoint Templates Page 44
    45. 45. Resourceshttps://wiki.internet2.edu/confluence/display/itsg2/Cybersecurity+https://wiki.internet2.edu/confluence/display/itsg2/Security+Awarhttps://wiki.internet2.edu/confluence/display/itsg2/Security+Awarhttp://www.educause.edu/SecurityVideoContest Powerpoint Templates Page 45
    46. 46. Resources continued• https://wiki.internet2.edu/confluence/display/its• https://wiki.internet2.edu/confluence/displa y/itsg2/Organizing+Your+Campus+IT+Sec urity+Website Powerpoint Templates Page 46
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.