Try the SANS reading room for some ideas. I did
something like this for my GSEC practical, but it'll
be somewhat out of date now. They do have a
significant user awareness section though.
As for tips:
I'd do two groups - Non-technical and technical. I
don't see any reason to do one for sales, one for
management etc. If they aren't active IT personnel,
they should be classified as non-technical.
Use visuals and examples where possible.
Use lots of analogies to things that they keep secure
in their everyday life (i.e. PIN number for bank card
etc)
Do many small sessions rather than one big one. You'll
lose people if it's any longer than an hour. When I do
this kind of thing for my company I do lunch-hour
sessions and spread it out over a couple of days.
Kenton
-----Message d'origine-----
De : Syn Ack [mailto:thin.hack@gmail.com]
Envoyé : lundi 19 septembre 2005 14:35
À : security-basics@securityfocus.com
Objet : Security Training for Company's Employee
Hello listmembers,
I've just began a new job two months ago and I'm
currently in charge
of improving the information security level in our
company. As part of
this process I've been asked to create a InfoSec
training for all the
company employees. I plan to split my training in
several classes for
different kind of audience: general, management,
sales, technical,
etc. But I never had to make something like this
before. Have some of
you any experience about the topic?
Any help/ideas/suggestions on information security
training is welcome.
Dominique
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
