A Security Training Program through Transformational Leadership and Practical Approaches

A Security Training Program through Transformational Leadership and Practical Approaches. Security Awareness. Security Orientation. Tanetta N. Isler Federal Information Systems Security Educators’ Association (FISSEA) Executive Board Member 2003-2005. Role-Based Training.


Presentation Transcript


  1. A Security Training Program through Transformational Leadership and Practical Approaches Security Awareness Security Orientation Tanetta N. Isler Federal Information Systems Security Educators’ Association (FISSEA) Executive Board Member 2003-2005 Role-Based Training Annual Security Training

  2. Security Training Program Success Stakeholder Meetings Training Program Office of IT Strategic Plan Vision Mission Goals Training Plan IT Security Policy Organizational acceptance and integration of IT security policies, procedures, and practices within an organization’s existing lines of business rules and practices. • Meetings • Working Groups • Communities of Practice • Committees • Acquire resources • Execute Program • Evaluate Program • Goals and objectives • Milestones to achieve • Performance indicators • Define parameters • Determine logistics • Identify resources • Goals and objectives • Milestones to achieve • Performance indicators Training Strategic Plan • Define authority • Assign responsibility • Guide resource allocation

  3. A Strategic Plan guides the process of creating the Training Plan, which leads to establishing or maintaining a Training Program.

  4. Strategic Plan objectives guide the process of creating a Training Plan, which leads to establishing or maintaining a Training Program.
     TRAINING STRATEGIC PLAN
     • GOAL 1: Design, develop and implement a fully integrated training program
     • GOAL 2: Comply with Federal IT security directives and mandates
     • GOAL 3: Ensure training program is evaluated
     • OBJECTIVE: Awareness. Provide security awareness activities to all employees within the Department/Agency
     • OBJECTIVE: Orientation. Identify all new hires and provide security orientation “60-days prior to employee’s use of IT systems”
     • OBJECTIVE: Annual Refresher Training. Identify all IT end-users and provide security awareness training “annually”
     • OBJECTIVE: Role-Based (Specific) Training. Identify all employees with significant security responsibilities to provide security training in functional specialties

  5. A Strategic Plan guides the process of creating the Training Plan, which leads to a Training Program.

  6. Developing a Training Plan can be considered the Analysis (and Design) phase of what instructional designers/training specialists call the ADDIE model
     • Analysis: Define what is to be learned
     • Design
     • Formative Evaluation
     • Development
     • Implementation
     • Summative Evaluation
     McGriff (2000) Instructional Systems, College of Education, Penn State University

  7. A Training Plan determines the learner profile, description of possible constraints and needs

  8. The Kirkpatrick Model of evaluation utilizes four levels of evaluation: Reaction, Learning, Behavior and ROI
     • BUSINESS IMPACT/ROI – compares the cost of the training with benefits
     • BEHAVIOR – transfer of learning is the extent to which a change in behavior
     • LEARNING – extent to which participant’s attitudes change, improve knowledge and increase skills
     • REACTION – feedback of attitude and feeling towards training

  9. Developing the Training Plan by identifying training criteria

  10. The Kirkpatrick Model of evaluation utilizes four levels of evaluation: Reaction, Learning, Behavior and ROI
      • BUSINESS IMPACT/ROI – compares the cost of the training with benefits
      • BEHAVIOR – transfer of learning is the extent to which a change in behavior
      • LEARNING – extent to which participant’s attitudes change, improve knowledge and increase skills
      • REACTION – feedback of attitude and feeling towards training

  11. To determine the needs for role-based training we reference NIST SP 800-16 IT Security Training Matrix

  12. Continue to identify the training criteria for role-based training: IT Security Management: Manage

  13. To determine the needs for role-based training we reference NIST SP 800-16 IT Security Training Matrix

  14. Continue to identify the training criteria for role-based training: IT Security Management: Acquire

  15. The Kirkpatrick Model of evaluation utilizes four levels of evaluation: Reaction, Learning, Behavior and ROI
      • BUSINESS IMPACT/ROI – compares the cost of the training with benefits
      • BEHAVIOR – transfer of learning is the extent to which a change in behavior
      • LEARNING – extent to which participant’s attitudes change, improve knowledge and increase skills
      • REACTION – feedback of attitude and feeling towards training

  16. Developing a Training Plan can be considered the Analysis (and Design) phase of what instructional designers or training specialists call the ADDIE model
      • Analysis: Define what is to be learned
      • Design: Plan instruction
      • Development: Develop instructional materials
      • Implementation: Execute instruction
      • Evaluation (Formative and Summative): Determine the effectiveness of the instruction
      McGriff (2000) Instructional Systems, College of Education, Penn State University

  17. Create a series of matrices to determine trends to guide decision-making: Training Audience Matrix

  18. Create a series of matrices to determine trends to guide decision-making: Budget Allocation, Training Delivery, Delivery Timeframe, Additional Resources, and Evaluation and Measurement

  19. Create a series of matrices to determine trends to guide decision-making: Budget Allocation, Training Delivery, Delivery Timeframe, Additional Resources, and Evaluation and Measurement

  20. Security Training Program Success Stakeholder Meetings Training Program Office of IT Strategic Plan Vision Mission Goals Training Plan IT Security Policy After assessing the security training needs, determine the most effective approach to acquiring resources, executing and evaluating the Training Program. • Determine what resources you have to accomplish the Training Strategic Plan vision, mission, goals. Who can develop training based on needs? What can we do to develop the most effective security training with the resources we have? Training Strategic Plan
