About this Video

• Video Title: Security Awareness, Education, and Training
• Channel: Tom Olzak
• Speakers: Tom Olzak
• Duration: 00:08:32

Introduction

This video discusses the crucial role of security awareness, education, and training in mitigating cybersecurity risks. It emphasizes that human error is a major cause of cyberattacks and highlights the importance of a comprehensive approach to managing employee behavior in relation to security.

Key Takeaways

• Human error is a significant factor in successful cyberattacks: The video cites reports suggesting user behavior is responsible for up to 95% of successful attacks.
• Technical controls are preferred over relying solely on user behavior: Technical security measures should be implemented whenever possible, with user training filling remaining gaps.
• Security awareness training should be tailored to different roles: Training content needs to be relevant to the specific roles and responsibilities within an organization (e.g., managers, IT staff, business users).
• Effective security awareness programs require a documented, dynamic plan: This plan should include assessment, content development, delivery, and results monitoring. It should be responsive to changes in risk and organizational needs.
• Three approaches to delivering training content are instructor-led, computer-based, and blended learning: Each approach has advantages and disadvantages depending on organizational structure, resources, and employee distribution. Regular, focused training is considered more effective than annual training alone.