Planning

Objectives

Once you have completed this section, you will be able to:

  • Recognize the importance of role-based training
  • Understand common roles and groups within an organization
  • Define learner groups based on roles within your organization

Overview

Want to ruin an information technology professional’s day? Give them a new system that is complex to configure. Want to be their hero? Give them SecurityIQ! With a little planning, you can be educating learners and improving your organization’s security in just minutes. In this section, we will take a look at what you can do to make the setup process a breeze while ensuring that you get the most out of your SecurityIQ reports down the road.

Role-Based Training and Groups

One of the most important items to consider when planning is how you would like to organize your employees within SecurityIQ. Groups are an integral part of assigning course content to learners within a campaign and generating the reports you will use to gauge the success of your campaigns. They will also be used to help customize the types of simulated phishing attacks that are sent to your learners. Therefore, it’s worth spending a few minutes determining how you will want to organize your learners before you start.

 

Role-Based Training

Role-based training delivers training to learners based on their roles or functions within an organization and keeps the process efficient by providing them only with the information they need in order to fulfill their roles. Each department or job function within a company will utilize technology differently and will have varying levels of access to different types of data.

Think about your organization, its roles, and the types of data each role is responsible for. Sales may process credit cards, human resources handles sensitive information such as Social Security numbers, payroll manages bank routing and account information for direct deposits, R&D has access to trade secrets and intellectual property, and information technology holds the keys to the digital kingdom, while your maintenance department uses a computer only to clock in and out and to purchase supplies online. Knowing this, it wouldn’t make sense to provide your maintenance employees with credit card processing or breach notification training, but they should know about safe web surfing, physical security, and how to properly dispose of hard-copy materials containing sensitive information. By clearly defining the roles within your company, you can create a highly effective training plan that minimizes the amount of time needed to complete training while ensuring that the appropriate knowledge has been shared with the right people.

With this in mind, our first planning step is to create a list of roles within your organization with different data access needs. Next, think about any special groups or other roles within your organization that you may want to tailor training for.

Departments

  • Accounting
  • Payroll
  • Human Resources
  • Sales
  • Information Technology
  • Research and Development
  • Maintenance

Other Roles

  • Executives
  • Managers
  • Credit Card Users
  • Medical Records Handlers
  • Telecommuters/Remote Employees
  • General Computer Users
  • Mobile Employees

Now that you have a list of basic roles within your organization, you will be able to easily decide which training content should be provided for each group. This information will be used when creating your PhishSim and AwareEd campaigns.