Building a robust security awareness program is important, but it can be in vain if your employees don’t buy into what you’re selling and actually change their security behavior. In this three-day course, you’ll not only learn how to create a security awareness program, you’ll learn proven persuasion and inspiration techniques to help you “sell” employees on security and influence the security culture of your organization.

Infosec’s intensive boot camp also prepares you to pass the IACRB Certified Security Awareness Practitioner (CSAP) exam. You’ll leave the course armed with practical tips to take back to your organization to help create and manage a successful security awareness program — and ultimately influence security behaviors and your organization’s security culture.

• Three days of security awareness practitioner training with an expert instructor
• Infosec digital CSAP courseware (physical textbooks available to purchase)
• CSAP exam voucher
• 90-day access to course replays (Flex Pro)
• 100% Satisfaction Guarantee
• Exam Pass Guarantee (Flex Pro)

Any hacker will tell you that the easiest target isn’t a system or a technology — it’s people. In this course, you’ll learn how to engage your audience and create “pull” for your training and awareness. You’ll learn how to assess the security culture of your organization and map out a plan to improve it. You’ll learn how align your program to your organization’s goals and get executive support. You’ll learn how people learn, and how they consume media. You’ll learn how to create marketing personas and how to get the right message to the right person at the right time, increasing the likelihood of behavioral change.

You’ll also learn about:

• The awareness maturity model
• Measuring impact and engagement
• Integrating existing technology with your training and awareness program
• Evaluating human risk

• Security awareness officers/specialists
• Compliance and privacy officers
• Information security managers
• Human resources and employee training and development professionals
• Marketing and communication professionals new to security awareness
• Professionals whose responsibilities include developing and managing an information security awareness training and education program

This course is appropriate for:

• Established security practitioners with existing security expertise who are new to the practice of security training and awareness
• People with existing marketing and communications experience who are entering the field of security training and awareness

After attending the Certified Security Awareness Practitioner Boot Camp, you will have sufficient knowledge and skills to be able to:

• Evaluate your organization’s current level of human risk and the prevailing security culture
• Evaluate your existing security awareness programs and necessary areas of improvement
• Build a new program using time-tested techniques to get the right message to the right person at the right time
• Learn how to brand and internally market your program so that you can gain attention and buy-in throughout your organization
• Learn how to run an integrated campaign and measure results such as reach and engagement throughout the security awareness “funnel”
• Influence culture change so you’re not pushing security awareness, but are creating pull for your program via awareness training that people actually want
• Integrate your awareness program into your existing endpoint protection system
• Select the best training platform for your organization, and leave with a comprehensive buyer’s guide to help you get started

The IACRB CSAP is designed to certify that candidates have expert level knowledge and skills in planning, developing and implementing a successful enterprise security awareness training program.

The CSAP body of knowledge consists of seven domains covering the responsibilities of a security awareness practitioner. The certification exam is a 50-question, traditional multiple-choice test. Questions are randomly pulled from a master list and must be completed in two hours. The seven CSAP domains are:

1. The need for enterprise security awareness training
2. Security and communication terminology and concepts
3. Security awareness program planning
4. Security awareness program development
5. Security awareness program implementation
6. Managing a security awareness program
7. Common challenges related to security awareness training

A 70% is the passing score for the CSAP exam.

Day 1

• Course introduction: Building a successful security awareness and training program
• Program design
  • Forming awareness team
  • Understanding organizational context
  • Gathering requirements
  • Setting program scope
  • Selecting program KPIs and performance metrics
  • Selecting and embedding evaluation methods
  • Developing reward program
  • Developing program implementation plan
  • Developing awareness policy
  • Integrating awareness training into administrative processes and existing technical controls

Day 2

• Program development and asset acquisition
  • Identifying sources
  • Developing or acquiring training materials
  • Budgeting the program
  • Developing program execution project plan
  • Communicating with stakeholders

• Program implementation
  • Launching your first campaign
  • Ensuring awareness policy acknowledgement
  • Executing project plan
  • Keeping records

Day 3

• Post-implementation
  • Monitoring, measuring, and communicating program effectiveness
  • Keeping the program current
  • Updating project plan
  • Reinforcing the program
  • Building a network of security champions
  • Sharing success stories
• Take the CSAP exam