Brief History of Corporate Information Security and Privacy Awareness and Training Once Upon a Time Welcome to the Information Age Information Security and Privacy Education Current Challenges Bring Changes in Professional Education Notes Why Training and Awareness Are Important Regulatory Requirements Compliance Customer Trust and Satisfaction Compliance with Published Policies Due Diligence Corporate Reputation Accountability Legal and Regulatory Requirements for Training and Awareness Awareness and Training Needs Legal Considerations Copyright Considerations Specific Regulatory Education Requirements Incorporating Training and Awareness into Job Responsibilities and Appraisals Motivation Factors Methods of Security and Privacy Objectives Assessments Performance against Specific Privacy and Security Objectives Considering Security and Privacy within Job Performance as a Whole Paying for Performance Challenges Common Corporate Education Mistakes Throwing Education Together Too Quickly Not Fitting the Environment Not Addressing Applicable Legal and Regulatory Requirements No Leadership Support Budget Mismanagement or No Budget Using Unmodified Education Materials Information Overload No Consideration for the Learner Poor Trainers Information Dumping No Motivation for Education Inadequate Planning Not Evaluating the Effectiveness of Education Using Inappropriate or Politically Incorrect Language Getting Started Determine Your Organization's Environment, Goals, and Mission Identify Key Contacts Review Current Training Activities Review Current Awareness Activities Conduct a Needs Assessment Create Your Road Map Elements of an Effective Education Program Establish a Baseline Hard Data Soft Data Benefits of a Baseline Get Executive Support and Sponsorship Executive Security and Privacy Training and Awareness Strategy Briefing Provide Examples of Security and Privacy Impacting Events Identify Training and Awareness Methods Adult Learning Training Delivery Methods 
Auditorium Presentations to Large Groups Remote Access Labs Satellite or Fiber Optics Long-Distance Learning Web-Based Interactive Training (such as Webinars) Audio Instruction Video and DVD Workbooks On-the-Job (OTJ) Conference Calls Outsourced Training and Awareness with Professional Education Services Education Provided by Professional Societies Government-Sponsored Training Awareness Methods Awareness and Training Topics and Audiences Target Groups Topics Mapping Topics to Roles and Target Groups Standards and Principles Define Your Message Customer Privacy Laws and Regulations Access Controls . Risk Management Prepare Budget and Obtain Funding Obtain Traditional Funding if You Can Obtain Nontraditional Funding when Necessary Final Budget and Funding Thoughts Training Design and Development Training Methods Design and Development Choosing Content Core Content Job-Specific Content and Topics for Targeted Groups Learning Activities Training Design Objectives Awareness Materials Design and Development Contrasting Awareness and Training Make Awareness Interesting Awareness Methods Awareness Is Ongoing Developing Awareness Activities and Messages Bimonthly Customer Privacy Newsletters Communications Identify Where You Need to Improve, Update, or Create Information Security and Privacy Training and Awareness Obtain Executive Sponsorship Communicate Information Security and Privacy Program Overview Send Target Groups Communications Outlining the Information Security and Privacy Training and Awareness Schedules and Their Participation Expectations Deliver In-Person Training What to Avoid in Training Multinational Training Considerations Delivering Classroom Training Tips for Trainers Visual Aids Training in Group Settings Case Studies Launch Awareness Activities Identify Areas in Which You Need to Improve, Update, or Create Awareness Obtain Executive Sponsorship Communicate the Information Security and Privacy Program Overview Identify Trigger Events Identify Target 
Groups Identify Your Awareness Methods and Messages Evaluate Changed Behavior Update and Perform Ongoing Awareness Plan for Specific Events Evaluate Education Effectiveness Evaluation Areas Evaluation Methods Evaluating Education Effectiveness: Intangible Benefits Determining Intangible Benefits of Training and Awareness Evaluating the Effectiveness of Specific Awareness and Training Methods Evaluating the Effectiveness of Awareness Newsletters Surveys Composition Survey Questions Survey Administration Education Effectiveness Evaluation Framework Activities Checklist Leading Practices Consulting for a Federal Organization to Improve Its Training and Awareness Program Case Study: 1200 Users, 11 Cities, in 7 Weeks . and They Wanted to Come to Security Awareness Training Obtaining Executive Sponsorship for Awareness and Training Information Assurance Awareness Programs in Multinational Manufacturing Organizations ISO 17799 Awareness for IT Managers Requires Security Mindset Changes: Putting the Cart before the Horse Education and Awareness for Security Personnel Security Awareness via E-Learning: A Case Study What's the Speed of Dark? 
Enlightenment through Education Aetna's Award-Winning Security Awareness Program Closing Comments Addendum: How to Build a Custom Web-Based InfoSec Exam Security Awareness Case Study APPENDICES A Sample Executive Education Sponsorship Memo B Training Contact Training Data Collection Form C Effectiveness Evaluation Framework D Sample Privacy Roles Definitions E Suggested Customer Privacy Awareness and Training Strategy Announcement as Voice Mail Message F Security and Privacy Icon or Mascot G Sample Privacy Training Survey H Customer Privacy Sample Training Plans I Advocate and SME Interview Questions to Assist with Customer Privacy Training Development J Training and Awareness Inventory K Incorporating Training and Awareness into the Job Appraisal Process Interview/Questionnaire L Training Contact Data Collection and Evaluation Form M Sample Customer Privacy Awareness and Training Presentation N Designated Security and Privacy-Related Days O Education Costs Worksheet P Sample Pretraining/Awareness Questionnaire Q Security Awareness Quiz Questions R Consumer Privacy Pop Quiz S Information Security and Privacy Awareness and Training Checklist T Awareness and Training Resources U Awareness and Training Glossary V Sample Case Studies.
Managing an Information Security and Privacy Awareness and Training Program