RE: Security Training for Company's Employee

[Kenton Smith <listsks () yahoo ca>]

Try the SANS reading room for some ideas. I did
something like this for my GSEC practical, but it'll
be somewhat out of date now. They do have a
significant user awareness section though.
As for tips:
I'd do two groups - Non-technical and technical. I
don't see any reason to do one for sales, one for
management etc. If they aren't active IT personnel,
they should be classified as non-technical.
Use visuals and examples where possible.
Use lots of analogies to things that they keep secure
in their everyday life (i.e. PIN number for bank card
etc)
Do many small sessions rather than one big one. You'll
lose people if it's any longer than an hour. When I do
this kind of thing for my company I do lunch-hour
sessions and spread it out over a couple of days.

Kenton

> -----Message d'origine-----
> De : Syn Ack [mailto:thin.hack () gmail com] 
> Envoyé : lundi 19 septembre 2005 14:35
> À : security-basics () securityfocus com
> Objet : Security Training for Company's Employee
>
> Hello listmembers,
> I've just began a new job two months ago and I'm
> currently in charge
> of improving the information security level in our
> company. As part of
> this process I've been asked to create a InfoSec
> training for all the
> company employees. I plan to split my training in
> several classes for
> different kind of audience: general, management,
> sales, technical,
> etc. But I never had to make something like this
> before. Have some of
> you any experience about the topic?
>
> Any help/ideas/suggestions on information security
> training is welcome.
>
> Dominique


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com