Brief History of Corporate Information Security and Privacy Awareness and Training Once Upon a Time Welcome to the Information Age Information Security and Privacy Education Current Challenges Bring Changes in Professional Education Why Training and Awareness Are Important Regulatory Requirements Compliance Customer Trust and Satisfaction Compliance with Published Policies Due Diligence Corporate Reputation Accountability Legal and Regulatory Requirements for Training and Awareness Awareness and Training Needs Legal Considerations Copyright Considerations Specific Regulatory Education Requirements Incorporating Training and Awareness into Job Responsibilities and Appraisals Motivational Factors Methods of Security and Privacy Objectives Assessments Performance against Specific Privacy and Security Objectives Using Appraisal Results Considering Security and Privacy within Job Performance as a Whole Paying for Performance Additional Percentage Element Added to Pay Challenges Common Corporate Education Mistakes Throwing Education Together Too Quickly Not Fitting the Environment Not Addressing Applicable Legal and Regulatory Requirements No Leadership Support Budget Mismanagement or No Budget Using Unmodified Education Materials Information Overload No Consideration for the Learner Poor Trainers Information Dumping No Motivation for Education Inadequate Planning Not Evaluating the Effectiveness of Education Using Inappropriate or Politically Incorrect Language Getting Started Determine Your Organization's Environment, Goals, and Mission Identify Key Contacts Review Current Training Activities Review Current Awareness Activities Conduct a Needs Assessment Create Your Road Map Elements of an Effective Education Program Establish a Baseline Hard Data Soft Data Get Executive Support and Sponsorship Executive Security and Privacy Training and Awareness Strategy Briefing Provide Examples of Security- and Privacy-Impacting Events Case Studies Key Business Leader Information
Protection Responsibilities Identify Training and Awareness Methods Adult Learning Training Delivery Methods Auditorium Presentations to Large Groups Remote Access Labs Satellite or Fiber-Optic Long-Distance Learning Web-Based Interactive Training (such as Webinars) Audio Instruction Video and DVD Workbooks On-the-Job (OTJ) Conference Calls Outsourced Training and Awareness with Professional Educational Services Education Provided by Professional Societies Government-Sponsored Training Awareness Methods Awareness and Training Topics and Audiences Target Groups Mapping Topics to Roles and Target Groups Standards and Principles Define Your Message Customer Privacy Laws and Regulations Access Controls Risk Management Prepare Budget and Obtain Funding Obtain Traditional Funding if You Can Obtain Nontraditional Funding When Necessary Final Budget and Funding Thoughts Training Design and Development Training Methods Design and Development Choosing Content Job-Specific Content and Topics for Targeted Groups Learning Activities Training Design Objectives Awareness Materials Design and Development Contrasting Awareness and Training Make Awareness Interesting Awareness Methods Awareness Is Ongoing Developing Awareness Activities and Messages Monthly Information Security and Privacy Newsletters Communications Step 1: Identify Where You Need to Improve, Update, or Create Information Security and Privacy Training and Awareness Step 2: Obtain Executive Sponsorship Step 3: Communicate Information Security and Privacy Program Overview Step 4: Send Target Groups Communications Outlining the Information Security and Privacy Training and Awareness Schedules and Their Participation Expectations Deliver In-Person Training What to Avoid in Training Multinational Training Considerations Delivering Classroom Training Tips for Trainers Visual Aids Training in Group Settings Case Studies Launch Awareness Activities Step 1: Identify Areas in Which You Need to Improve, Update, or Create 
Awareness Step 2: Obtain Executive Sponsorship Step 3: Communicate the Information Security and Privacy Program Overview Step 4: Identify Trigger Events Step 5: Identify Target Groups Step 6: Identify Your Awareness Methods and Messages Step 7: Evaluate Changed Behavior Step 8: Update and Perform Ongoing Awareness Plan for Specific Events Evaluate Education Effectiveness Evaluation Areas Evaluation Methods Evaluating the Effectiveness of Specific Awareness and Training Methods Education Effectiveness Evaluation Framework Activities Checklist Leading Practices Setting the Standard for Data Privacy and Awareness Establishing a Security Culture Through Security Awareness Empirical Evaluations of Embedded Training for Antiphishing User Education We Are Now the Targets of Thieves! Risks from Advanced Malware and Blended Threats Case Study: 1200 Users, 11 Cities in 7 Weeks ... and They Wanted to Come to Security Awareness Training Obtaining Executive Sponsorship for Awareness and Training Education and Awareness for Security Personnel Aetna's Award-Winning Security Awareness Program Security Awareness Case Study APPENDICES: Sample Executive Education Sponsorship Memo Training Contact Training Data Collection Form Effectiveness Evaluation Framework Sample Privacy Roles Definitions Suggested Privacy Awareness and Training Strategy Announcement as Voice Mail Message Privacy Icon or Mascot Sample Privacy Training Survey Privacy Sample Training Plans Advocate and SME Interview Questions to Assist with Privacy Training Development Training and Awareness Inventory Incorporating Training and Awareness into the Job Appraisal Process Interview/Questionnaire Sample Customer Privacy Awareness and Training Presentation Designated Security and Privacy-Related Days Education Costs Worksheet Sample Pre-training/Awareness Questionnaire Security Awareness Quiz Questions Social Engineering Quiz
Managing an Information Security and Privacy Awareness and Training Program