Most security experts agree that one of the most important safeguards is a user base that undergoes regular information security awareness training. The traditional approach of computer-based awareness training (“click and quiz”) has been in use for many years. One major problem with this approach is that many users simply click through the material as fast as they can, take the quiz, and don’t really learn anything. This presentation will look at the available research on the effectiveness of traditional security awareness training and explore the question, Is this working? This is a topic specific/intermediate level session.
Outcomes: Learn about the effectiveness of traditional information security awareness training * Engage in live polling and voting * Take away ideas to change or form information security awareness programs at local organizations
Director, Cyber-Risk Program, University of California, Office of the President