A framework for effective training
Effective information security training does not happen by accident. It requires an intentional effort to improve the cybersecurity awareness of the average employee. There are numerous topics that should be covered in an information security awareness program, but not all of them are relevant to every employee. For example, if a small percentage of employees handle personal information, those employees need to be trained on the proper handling of that information, but the same training that may be critical for those employees may be irrelevant to others. Defining what training modules are relevant based on roles will help tailor the program to roles properly. Tailoring the program is an important point. Generic training where much of the content is irrelevant to most attendees results in poor engagement and little progress. The more tailored the content is, the more likely it is that attendees will gain something valuable from the experience.
...
