How strict are cyber insurance / compliance mandates on security awareness training completion?
Making security awareness training for our employees. While I've got interactive exercises in place, I still want to ease the burden of the mandatory security awareness refresher.
The idea is to create many exercises on different topics, but let people take a 5-question quiz first. If they answer the quiz correctly, it means their knowledge is sufficient, and they can skip the exercise. That way, I hope to fill the gaps in knowledge while skipping the boring "here's how a phishing email looks" if the person is knowledgeable on the topic.
I know we've got insurance and compliance clauses that require the training to be in place, so I'm limited in what I can offer and want to explore the options here. And maybe I'm missing an angle under which it's still better to make people go through the exercise, no matter what.
But before embarrassing myself in front of my management, I wanted to double-check how common the mandatory SAT clause is. Like, do all insurance companies require employees to go through the exercises no matter what? Or is there some level of flexibility here?