This document outlines a presentation about creating an effective cyber security awareness programme. It discusses the importance of effective planning, including conducting a learning needs analysis. It recommends a sample architecture that offers a modern mix of learning and communication tools. It also provides examples of how to raise awareness through impactful communications, deliver knowledge and skills through online learning, encourage transferring learning to the workplace through activities and scenarios, and reinforce learning through evaluation and reminders. The presentation concludes with a question and answer section.

1. © IT Governance Ltd 2018
Presenter:StefanieRetfalvi,LearningDesign&SolutionsConsultant,ITGovernance
Creating an effective Cyber Security
Awareness Programme

2. © IT Governance Ltd 2018
Agenda
01
02
03
04
06
07
?
Q&A
05
Cyber Security
Awareness
Programme

3. About IT Governance
& Introduction

4. © IT Governance Ltd 2018
About IT Governance

5. © IT Governance Ltd 2018
Introduction
• Stefanie Ildiko RETFALVI
• Learning Design & Solutions Consultant
• International cross-sectorexperience

6. © IT Governance Ltd 2018
Why a Programme?
• Learner fatigue.
• The broader, the better.
• Stronger defence against threats / lower risk thanks to increased
awareness.
• Best ROI due to risk matrix and prioritisation.
• Credibility and trust.
• Empowering of employees to make informed decisions (size of security
function = as large as the organisation).
• The consequences of non-compliance.

7. © IT Governance Ltd 2018

8. © IT Governance Ltd 2018
Effective Planning

9. © IT Governance Ltd 2018
Effective Planning
Learning Needs Analysis
This should:
 Provide an overview of your employees’ level of awareness.
 Allow to identify any common gaps in knowledge.
 Give an indication of employee motivation and attitudes regarding
security.
 Pinpoint trends in learning style preferences of the workforce.
 Design structured learning path, mapping a number of suitable
interventions to recommended timescales.
 Identify business & learning objectives, as well as relevant KPIs for
annual evaluation.

10. MotivationMotivation
TimescalesTimescales

11. © IT Governance Ltd 2018
Sample Architecture

12. © IT Governance Ltd 2018
Sample Architecture
It is important to offer a modern
mix of different learning and
communications tools to
address individuals’ diverse
needs and preferences.

13. © IT Governance Ltd 2018
Raising Awareness

14. © IT Governance Ltd 2018
Why?
Winning Hearts and Minds
To attain the highest levels of
impact, it is important to generate
personal investment at the start of
the programme.

15. © IT Governance Ltd 2018
Why?
Sample Solution: An impactful opening Communications Piece
This should:
 Grab employees’ attention.
 Ensure that the audience views the training as more than just a ‘tick-box‘.
 Effectively convey an overview of key messages in a concise, highly visual
format.
 Help to overcome any potential resistance to the initiative.
 Encourage reflection.
 Serve as a versatile learning and communications piece that can not only be
used as an introduction to e-learning but also be deployed to internal
communications channels and be used as a standalone asset.

16. © IT Governance Ltd 2018
Example

17. © IT Governance Ltd 2018
Delivering Knowledge
& Skills

18. © IT Governance Ltd 2018
What?
Delivering relevant Knowledge & Skills
For optimal knowledge retention,
information needs to be clear,
accessible and easy to digest.

19. © IT Governance Ltd 2018
What?
Sample Solution: An online learning module
This should:
 Convey content in concise units, ensuring that key information
is accessible and easy to digest.
 Make effective use of visualisation techniques to optimise
knowledge retention.
 Provide a positive user experience.
 Be based on proven instructional design methods.

20. © IT Governance Ltd 2018
Example

21. © IT Governance Ltd 2018
Transfer to the Workplace
& Behaviour ChangeJT34

22. Slide 21
JT34 and
Jonathan Todd, 10/01/2018

23. © IT Governance Ltd 2018
How?
Encouraging transfer to the workplace
It is not enough to know what best
practice involves. Learners need to
apply their obtained knowledge in
their everyday activities.

24. © IT Governance Ltd 2018
How?
Sample Solution: Activities and Scenarios
These should:
 Be meaningful, encouraging deep reflection and the
transfer of acquired knowledge to the workplace.
 Make learners active participants by challenging them to
recall key information in relevant contexts.
 Prompt participants to identify risks and apply best
practice in situations that could arise in real life on the job.

25. © IT Governance Ltd 2018
Example

26. © IT Governance Ltd 2018
Evaluation &
Reinforcement
JT38

27. Slide 25
JT38 and
Jonathan Todd, 10/01/2018

28. © IT Governance Ltd 2018
Evaluation
Effectively measuring Success
Continual monitoring of progress will
ensure that learners have achieved
the required level of knowledge and
understanding.

29. © IT Governance Ltd 2018
Example

30. © IT Governance Ltd 2018
Reinforcement
Ensuring Key Messages stay alive
Once the programme is finished, it is
important to ensure that cyber
security remains at the forefront of
learners’ minds.

31. © IT Governance Ltd 2018
Example

32. © IT Governance Ltd 2018
Conclusion &
Your turn! Q&A

33. © IT Governance Ltd 2018
Conclusion

34. © IT Governance Ltd 2018
Stay in touch!
Call us
+44 (0)333 800 7000
Email us
servicecentre@itgovernance.co.uk
Visit our website
www.itgovernance.co.uk
Like us on Facebook
/ITGovernanceLtd
Follow us on Twitter
/itgovernance
Join us on LinkedIn
/company/it-governance
Read our blog
www.itgovernance.co.uk/blog

35. © IT Governance Ltd 2018
Q&A
Queries?
Understanding?
Clarification?