Infosec now offers campaign kits through its Infosec IQ product: prebuilt campaigns consisting of layered training materials and implementation recommendations. While many vendors are willing to provide guidance on how you should build and deliver your campaign, these kits from Infosec Institute already have that guidance built in. This means even less work for you, along with the knowledge that you are delivering the same training content that other organizations have successfully implemented.
As stated, these kits have layered training material. This means that content is available in multiple forms and all relate back to a central theme. The main content takes the form of short videos, either animated or live action. To support these videos, supplementary training in the form of posters, digital banners, email templates, phishing templates, education pages, and life-size banners are provided. All this content relates back to the main theme of the kit and seeks to reiterate some of the most important points from the main video series.
Infosec Institute provides layered security awareness campaigns. Source: Infosec Institute.
Currently Infosec has three kits available, but let’s look at one example in more detail: a kit called WORKed. This kit includes 12 videos as the main source of content, including a trailer that can be used to tease the content before launch. Each video follows live-action characters in an office setting, re-enacting instances where security is called into question. The videos are short (less than five minutes) and comedic, each video acting as a single episode in a series. Supplementary materials like those described previously are included. They depict certain characters and scenes from the videos to remind end users about the content they watched or to tease upcoming content.
Building and delivering a security awareness and training program for the first time should be a low-hanging-fruit initiative: low effort, high reward. Even a small amount of training can greatly increase the security of an organization. However, some organizations simply do not have the time or experience to put together their own campaigns and remain confident that they will be successful. Maybe they should train more frequently, focus less on passwords, or complement every other module with posters, etc. This line of thought is a rabbit hole that can be avoided by using the prebuilt campaigns offered by vendors like Infosec Institute. All you must do is decide the dates when the training is to go out – the vendor takes care of the rest (e.g. providing already-selected content, updating the training, tracking participation). This leaves you to monitor at your leisure the metrics the vendor offers that measure the effectiveness of your program.
These prebuilt, layered campaigns are also valuable to those who already have a training program in place. Due to the short nature of the videos included in these prebuilt campaigns, they can be easily integrated into an existing program. This is especially effective if you are looking to increase the frequency of training, while exploring new training styles.
Trend Micro has added training content to its free Phish Insight tool, originally a simple, cloud-based phishing platform. The new training content comes from partnerships with NINJIO, InfoSec, GoldPhish, and NextTech Security.
Avaya’s newly released firmware addresses a vulnerability that has survived for 10 years in VoIP phone models configured with H.323 signaling.
A hacker has compromised 106 million Capital One customers after a data breach. But the real story might be less to do with cloud security itself and more to do with Capital One’s own security engine for cloud services.
Apple has delivered a silent update to Macs, rectifying a security flaw in its Zoom web-conferencing service.
MediaPRO has taken the lead in the market on offering training around the impending California Consumer Privacy Act (CCPA), a data privacy law set to go into effect on January 1, 2020.
ISACA has partnered with InfoSec Institute to produce a whitepaper on leveraging marketing techniques and metrics to improve security awareness. This is a valuable resource that contains universally applicable information.
KnowBe4, a leader in end-user security training, has begun the authorization process for the Federal Risk and Authorization Management Program (FedRAMP). This is yet another initiative by KnowBe4 to better secure the data collected by its customers.
KnowBe4, a leader in end-user security training, has acquired El Pescador, a Brazilian security awareness and training company. This could be a good fit if you are looking for a vendor who can provide a wide variety of topics and training formats.