Main Nav

Security Awareness Training Content - Primary vs. Reinforcement

In our last blog post, we discussed the challenges of awareness training that is compliance focused vs impact focused.  Compliance focused training has the primary goal of meeting compliance requirements, ensuring the organization can 'check the box' to meet certain standards (such as FERPA, GLBA, etc).  While important, my passion and goal is to go beyond just compliance and change behaviors, to make people and your organization more secure.  To do this I break awareness training down into two categories.

Security Awareness Programs - Compliance vs. Impact

I'm very happy to be invited as guest blogger for EDUCAUSE during Security Awareness Month. Over the course of the next couple weeks I and several others will be sharing with you some key lessons learned on how to deploy effective awareness programs. For today I wanted to share with you something I am very passionate about, the difference between compliance and impact. Traditionally most awareness programs have focused on compliance, meeting requirements set down by certain standards. For the edu community this includes standards such as FERPA, GLBA and RFR. Compliance is important, we must ensure that your school meets these standards. Unfortunately though compliance can also be a hinderance, especially when it comes to awareness. Often management's goal is simply to check the box and invest the absolute minimum to achieve compliance, perhaps nothing more then some power point slides once a year.

Tags from the EDUCAUSE Library