A group of security practitioners are starting a new group called the Security Awareness Training Framework (SATF), an open-membership community that “brings one’s unique perspectives on security awareness to help put an end to the slippery slope of deficient security awareness training.”

I’ll take a step back now and show you their full manifesto, which looks pretty cool:

The Security Awareness Training Framework (SATF) is an open-membership community that brings one’s unique perspectives on security awareness to help put an end to the slippery slope of deficient security awareness training. Nearly 12 years after the introduction of the Love Letter and Melissa worms, organizations still struggle in providing effective training to the end user community, perpetuating the challenge of solving the ‘layer 8’ dilemma.

The SATF will initially focus on three primary goals:

1. Define the components necessary to deliver an effective security awareness program, including scenarios for specialized functions such as developer training and home user education.
2. Study and leverage the delivery mechanisms and various learning styles of individuals to maximize effectiveness of information security awareness.
3. Develop feedback mechanisms and establish candidate metrics to measure the effectiveness of security awareness programs at various levels of granularity.

What the Security Awareness Training Framework is not:

The SATF project is not chartered with delivering content or products for profit that address the use cases contained within the framework.

Why the Security Awareness Training Framework?

We believe that security awareness—in general—is suffering from a fundamental deficiency in communication between teacher (the training staff) and student (the end user). The community has perpetually failed to deliver a compelling program that engages students of all levels and functions, yet the teachers continue to make the student the scapegoat. Further complicating matters is the absence of any quantifiable means to pinpoint the deficiencies or gauge effectiveness at the programmatic level.

History of the Security Awareness Training Framework:

The Security Awareness Training Framework (SATF) originated at the inaugural Derbycon information security conference during Boris Sverdlik’s unconventional presentation entitled, ‘Your Perimeter Sucks’. During this discussion, a challenge was presented to produce tangible examples of working security awareness programs and deliver resources that could help organizations to educate the user community more effectively.

Who manages the Security Awareness Training Framework goals and progression?

The SATF is not really about formal hierarchy; however, we recognize the need for delivering a consistent and representative message to interested parties. If we look at the history, K.C. Yerrid (@K0nsp1racy) is the one that stepped up at Derbycon and committed to launching the project. This was quickly followed by Boris Sverdlik (@JadedSecurity), Matt Jezorek (@MattJezorek), Michael Ortega (@securityMoey), and several others. As the project continues to grow organically, we anticipate that the aforementioned individuals are the ones that will be ‘in the know’ about any facet of the program and can best guide interested parties to the right direction.

How to Get Involved with the Security Awareness Training Framework

The SATF has both direct and indirect means for individuals to get involved with the framework. We are constantly looking for both technical and non-technical minds to represent the general population of individuals and organizations that could benefit from the goals of this project. We have recently purchased the domain name http://www.SATFramework.org, and will be building the site out over the next couple of weeks. We are on Google Groups under the name Security Awareness Training Framework Working Group. We are also on IRC’s Freenode servers under channel #SATF.
–Bill Brenner