Conferences & Events
Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
Security Awareness Training Content - Primary vs. Reinforcement
In our last blog post, we discussed the challenges of awareness training that is compliance focused vs impact focused. Compliance focused training has the primary goal of meeting compliance requirements, ensuring the organization can 'check the box' to meet certain standards (such as FERPA, GLBA, etc). While important, my passion and goal is to go beyond just compliance and change behaviors, to make people and your organization more secure. To do this I break awareness training down into two categories.
Security Awareness Programs - Compliance vs. Impact
I'm very happy to be invited as guest blogger for EDUCAUSE during Security Awareness Month. Over the course of the next couple weeks I and several others will be sharing with you some key lessons learned on how to deploy effective awareness programs. For today I wanted to share with you something I am very passionate about, the difference between compliance and impact. Traditionally most awareness programs have focused on compliance, meeting requirements set down by certain standards. For the edu community this includes standards such as FERPA, GLBA and RFR. Compliance is important, we must ensure that your school meets these standards. Unfortunately though compliance can also be a hinderance, especially when it comes to awareness. Often management's goal is simply to check the box and invest the absolute minimum to achieve compliance, perhaps nothing more then some power point slides once a year.