Effective training

Effective Cyber-Security Training

Almost all organizations realize the need for cyber-awareness training. Celestya’s Q-LOG system is the most effective and cost-effective system for cyber-awareness training. Here is why:

Drawbacks Of Traditional Training Methods

The effectiveness of traditional frontal training for employees has been questioned because of major drawbacks:

Schedule-based training that does not gauge the actual skill level and network behavior of the user.
Removing employees from their normal work schedule for lengthy periods of time
Need for a dedicated training department to organize and train employees in many different groups that must be small enough to be effective
Dramatic drops in information retention in the days and weeks following frontal training sessions
Inability to ascertain the effectiveness of traditional training by not having a method of measuring behavior after training the user
Requirements for ongoing financial and organizational resources in implementing continuous frontal training, year after year, creates financial and logistical burdens
Lack of a sense of personal responsibility for individual employees in changing cybersecurity behavior (you cannot manage what you cannot measure)

Because of these drawbacks, training is either not conducted at all (54% of organizations) or it is conducted infrequently with diminished effectiveness as time goes by.

Requirements For Effective Cyber-Awareness Training

From an educational standpoint effective teaching and learning occur when all major learning processes are stimulated:

Logic center – receiving theoretical information about the subject matter
Visual Center – Seeing information about the subject matter
Auditory Center – Hearing information about the subject matter
Kinesthetic Center –Implementing the theory in real or simulated practice

Furthermore, information needs to be refreshed continuously through these four learning centers in order for it to be retained and then expressed as human behavior. Traditional frontal training usually does not cover all four learning centers and the information conveyed is not retained over time. The employee is not measured and does not have an individual sense of personal responsibility. Therefore, a computerized cyber-awareness training system is an excellent way to fully realize the huge potential savings (over 70%) in cyber-attack costs through improved human behavior, provided it successfully addresses the following points:

Training occurs as it is truly needed, for the topics in which the user is deficient, based on the user’s actual behavior as recorded in SIEM logs.
Training occurs at the employee’s workstation, for brief periods of time on a daily basis and when Human SIEM dynamically identifies a deficiency. This replaces the need to organize seminars and remove employees from their daily duties. The information is refreshed continuous and leads to changed behavior that follows corporate IT policy.
Multi-media training focusing both on the theory and practical simulation that addresses the four key learning centers.
Mock attacks that provide excellent feedback on the risk-level of the organization and the actual cybersecurity behavior of employees on an individual basis, stimulating individual responsibility
Continuous testing and refreshing of information that tracks personal behavior such as whether a question was answered correctly or whether a theoretical training message was read.
Effective management system that tracks the cyber-awareness level of each employee so that gaps can be addressed and training can remain relevant, interesting and engaging.