• United States



Practitioners launch Security Awareness Training Framework

Nov 03, 20114 mins
Data and Information Security

A group of security practitioners are starting a new group called the Security Awareness Training Framework (SATF), an open-membership community that “brings one’s unique perspectives on security awareness to help put an end to the slippery slope of deficient security awareness training.”

I’ll take a step back now and show you their full manifesto, which looks pretty cool:

The Security Awareness Training Framework (SATF) is an open-membership community that brings one’s unique perspectives on security awareness to help put an end to the slippery slope of deficient security awareness training. Nearly 12 years after the introduction of the Love Letter and Melissa worms, organizations still struggle in providing effective training to the end user community, perpetuating the challenge of solving the ‘layer 8’ dilemma.

The SATF will initially focus on three primary goals:

1.Define the components necessary to deliver an effective security awareness program, including scenarios for specialized functions such as developer training and home user education.

2.Study and leverage the delivery mechanisms and various learning styles of individuals to maximize effectiveness of information security awareness.

3.Develop feedback mechanisms and establish candidate metrics to measure the effectiveness of security awareness programs at various levels of granularity.

What the Security Awareness Training Framework is not:

The SATF project is not chartered with delivering content or products for profit that address the use cases contained within the framework.

Why the Security Awareness Training Framework?

We believe that security awareness—in general—is suffering from a fundamental deficiency in communication between teacher (the training staff) and student (the end user).

The community has perpetually failed to deliver a compelling program that engages students of all levels and functions, yet the teachers continue to make the student the scapegoat.

Further complicating matters is the absence of any quantifiable means to pinpoint the deficiencies or gauge effectiveness at the programmatic level.

History of the Security Awareness Training Framework:

The Security Awareness Training Framework (SATF) originated at the inaugural Derbycon information security conference during Boris Sverdlik’s unconventional presentation entitled, ‘Your Perimeter Sucks’.

During this discussion, a challenge was presented to produce tangible examples of working security awareness programs and deliver resources that could help organization’s to educate the user community more effectively.

Who manages the Security Awareness Training Framework goals and progression?

The SATF is not really about formal hierarchy; however we recognize the need for delivering a consistent and representative message to interested parties.

If we look at the history, K.C. Yerrid (@K0nsp1racy) is the one that stepped up at Derbycon and committed to launching the project. This was quickly followed by Boris Sverdlik (@JadedSecurity), Matt Jezorek (@MattJezorek), Michael Ortega (@securityMoey), and several others. As the project continues to grow organically, we anticipate that the aforementioned individuals are the ones that will be ‘in the know’ about any facet of the program and can best guide interested parties to the right direction.

How to Get Involved with the Security Awareness Training Framework

The SATF has both direct and indirect means for individuals to get involved with the framework. We are constantly looking for both technical and non-technical minds to represent the general population of individuals and organizations that could benefit from the goals of this project.

We have recently purchased the domain name, and will be building the site out over the next couple of weeks. We are on Google Groups under the name Security Awareness Training Framework Working Group. We are also on IRC’s Freenode servers under channel #SATF.

–Bill Brenner

one-stop view of latest business threats. We created it for you! Bookmark it! Use it!

CSO’s Daily Dashboard gives you a

Get your morning news fix with the daily Salted Hash e-newsletter!