Making Security Training Interesting

By: Absolute Team | 12/8/2008

SANS Internet Storm Center's Lenny Zeltser put together an article that caught my attention for being both accurate and blunt: "Security Awareness Training Is Boring."

So true, and perhaps why it's not kept up, or is completely ignored. And when something is ignored, it's a good time to shake it up. We've offered some suggestions in the past for being creative in training methods.

Lenny put together some ideas for shaking things up in the security training department - doing things that are unsual and personally relevant to make them remember. Ideas include making a "commercial" style interruption during another meeting, one that reminds employees of security issues. Rewarding employees for reporting unsafe IT practices anonymously can work, and has been suggested in many articles. Also, "bribes" like food at security meetings can help bolster attendance.

And you can integrate funny videos like this one, "The Duhs of Security," created by the Virginia Government:

The SANS article references another great article written by Marcum Ranum entitled "The Six Dumbest Ideas in Computer Security". Worth a read.

Financial Services