Preparedness vs. Awareness
Dennis E. Leber, Ph.D.
CISO | PhD | CISSP | Veteran |Top 100 CISO | QTE | Adjunct Professor | AI Governance & Security | Building Trust is Paramount
We all participate and have experience with Security Awareness Training. Under HIPAA, it is required.
Too often, this training becomes ineffective due to the same slide show shown year after year, or in the instance of HIPAA, each organization is charged with providing awareness training. If you are a provider associated with several entities, you must take similar training from several sources.
When the training becomes redundant, boring, and stagnating, it becomes ineffective. Additionally, how do you measure the effectiveness of said training?
What I propose and implement is security preparedness and response training (SPAR). The foundation of SPAR training provides information, a microlearning format, which facilitates folks in preparing for cybersecurity attacks, including recognizing them and then how to respond.
The SPAR training is continuous, not a static annual presentation. While working with UTHSC, we built such a program - Cybersecurity | Information Technology Services (ITS) | UTHSC.
What innovative and creative methods have you deployed? For those that ingest this training, what would you like to see?
Rehearsals (Sandtables) are another exercise that lends value to SPAR training. See my previous edition on Sandtables.
Marketing Specialist
2 年Thanks for posting
IT Service Center Manager | Cybersecurity & Human Risk Practitioner, Advocate & Advisor | Entrepreneur | Founder | Idea Man | Former Semi Pro Athlete
2 年Dennis E. Leber, Ph.D. Thanks for the SPAR share as this is a great resource for all to see in order to help model their own program for their own environment. And I agree that cybersecurity wellness training must be continuous and not static. I find that sharing bits and bits of cybersecurity knowledge and wisdom coupled with creative marketing techniques such as catch phrases, fonts, colors, pictures, videos and sound can connect with the human OS's emotions and feelings in order to change their behavior not just for the immediate present time but for the life of the individual. Long term sustainable cybersecurity wellness is a must in today's technological world. Again, great share, as always, and the more sharing of cybersecurity awareness the more wellness we will obtain as a community.