{"id":259,"date":"2009-08-11T10:30:01","date_gmt":"2009-08-11T17:30:01","guid":{"rendered":"http:\/\/blog.cosaint.net\/?p=259"},"modified":"2023-01-24T06:57:08","modified_gmt":"2023-01-24T06:57:08","slug":"1-course-per-month-programs-why-i-dont-like-them","status":"publish","type":"post","link":"https:\/\/www.empowerelearning.com\/blog\/1-course-per-month-programs-why-i-dont-like-them\/","title":{"rendered":"1 Course per Month Programs &#8211; Why I Don&#8217;t Like Them"},"content":{"rendered":"<p><img decoding=\"async\" class=\"alignleft size-full wp-image-601\" title=\"months\" src=\"https:\/\/www.empowerbpo.com\/blog\/wp-content\/uploads\/2009\/08\/months.jpg\" alt=\"months\" width=\"150\" height=\"150\" srcset=\"https:\/\/www.empowerelearning.com\/blog\/wp-content\/uploads\/2009\/08\/months.jpg 150w, https:\/\/www.empowerelearning.com\/blog\/wp-content\/uploads\/2009\/08\/months-100x100.jpg 100w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/>Some organizations use a &#8220;1 course per month&#8221; approach to trickle security awareness training out to their staff &#8211; the intention being that they avoid overloading staff with a large amount of training upfront by dividing it up into more manageable chunks, and that the courses themselves act as periodic security reminders.<\/p>\n<p>It&#8217;s certainly an effective approach for the first year if you have a fairly steady (low turnover) staff. But there are a number of problems with the approach that I think negate or, at best, reduce its value.<\/p>\n<ol>\n<li>It&#8217;s difficult to think up new topics after the first 12 or so, making each subsequent training module less effective.<\/li>\n<li>Until the initial program has been fully completed, your training will be incomplete. For instance, you might be subject to a phishing attack before you&#8217;ve covered that topic in the training, leaving you more vulnerable. 
Or your auditors may be a little worried that the program is incomplete if they look at your training records.<\/li>\n<li>Staff joining after the program has started will have missed some of the topics. So they&#8217;ll need to do &#8220;catch up&#8221; training. This isn&#8217;t too much of a problem if they join in the first couple of months &#8211; they&#8217;ll only have a couple of additional courses to do. But 12 months later, the backlog can be considerable.<\/li>\n<li>This system won&#8217;t meet the requirements of regulations or standards that specify completion of a training program at hiring and\/or before network access is granted.<\/li>\n<\/ol>\n<p>Because of these shortcomings, I far prefer an approach based on:<\/p>\n<ul>\n<li>Comprehensive new-hire training for all staff.<\/li>\n<li>An annual &#8220;<a href=\"https:\/\/www.empowerbpo.com\/blog\/the-second-year-and-beyond\/\" rel=\"nofollow noopener\" target=\"_blank\">refresh-update-test<\/a>&#8221; course.<\/li>\n<li>Short monthly reminders\/nudges using email, presentations at staff meetings, posters &#8230;<\/li>\n<\/ul>\n<p>This seems to cover all of the bases, and is consistent with <a href=\"https:\/\/www.empowerbpo.com\/blog\/best-practices-for-security-awareness-training\/\" rel=\"nofollow noopener\" target=\"_blank\">accepted best practices<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Some organizations use a &#8220;1 course per month&#8221; approach to trickle security awareness training out to their staff &#8211; the intention being that they avoid overloading staff with a large amount of training upfront by dividing it up into more manageable chunks, and that the courses themselves act as periodic security reminders. 
It&#8217;s certainly an [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,5],"tags":[],"class_list":["post-259","post","type-post","status-publish","format-standard","hentry","category-compliance","category-education"],"_links":{"self":[{"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/posts\/259","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/comments?post=259"}],"version-history":[{"count":0,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/posts\/259\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/media?parent=259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/categories?post=259"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.empowerelearning.com\/blog\/wp-json\/wp\/v2\/tags?post=259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}