Here is the e-mail I received from one of our clients.
We are one of the largest integrated energy solutions providers in Africa. Of late, we are facing the serious problem of information security breaches in our organization. Hence, we would like to create awareness on information security and train our employees on its best practices. We require your help to create an online course on information security.
Please share your ideas on how we can take it forward.
Sorry to hear that you are in a tough spot.
I agree with your point that it is very important to create awareness on information security. It would go a long way in avoiding data breaches in your organization.
The course deals with compliance matters, which are generally considered “dry” and boring. So, in order to make the course interesting and help your people comprehend the subject matter better, we suggest using a scenario-based approach. The scenarios are based on real life situations. After going through each scenario, the learner will be asked questions. Here is a sample scenario and a few questions about it.
Richard works with the marketing team. He is required to use a unique authentication ID and provide the right username and password to access data.
One day, while driving to work, he was held up in a traffic jam. He had to attend an important meeting, and there was no way he could make it. His assistant called him for some files, which were urgently required. He told her to take them from his PC and gave her his password.
Q 1: What did Richard do wrong?
A. Nothing; that was the right thing to do. She is after all his assistant.
B. He should have started early to reach his office on time.
C. He should have shared all important files with his assistant, a day earlier.
Q 2: Why should Richard not share his authentication ID?
A. Richard needs permission from his manager to share his password.
B. The meeting is not more important than protecting his user ID.
C. Employees authorized to access data are prohibited from sharing their authentication IDs.
To answer these questions, he needs to understand the scenario effectively, The questions can be answered only if the learner is able to apply the learning efficiently.
Scenarios can be created on the following aspects of information security.
- Physical Security
- Malware and Antivirus
- Installing Unauthorized Software (from unknown sources)
- Password Construction Policy
- Internet Usage Policy
- E-mail Usage
- Clear Desk Policy
- Desktop Security
- Social Engineering
- Mobile Computing
Coming to the development of this course, we recommend using Articulate Storyline 2 because it has several buit-in interactvities and can be used to publish the course to the HTML5 and Flash formats,with just a click, allowing your learners to access the course on smartphones, iPads or any other device of their choice.
These are some of our initial thoughts about the solution. We can discuss it in detail, going further. Hope you find this information helpful. If you have any questions, we would be happy to address them.
With best regards,