Training and Awareness Based upon Age and Learning Styles

The head of HR is looking for you to summarize your thoughts about the integration of policy-presentation styles and security-awareness strategies for CIO?  Board meeting is coming up and you need to get your messaging together. Maybe this will help:

—–

Let me explain my thoughts on aligning policy with awareness in a cohesive series of delivery medium.

It is my desire to inform and motivate employees through multiple formal and informal communications channels of various formats running in parallel that are focused on our policies while staying abreast of daily information security events. We intend to do this through the monthly circulation of timely information that caters to each learning style and age group.

We teamed with Corporate Training to analyze our current delivery mechanisms against learning styles and demographics. We were able to determine the fastest growing demographic segments within the company as compared to their particular traits. We can make assumptions concerning this data relative to the types of awareness programs we need to initiate and to the types of policies we need to establish or update.

We’ve also examined learning styles and hope to incorporate these approaches.

As we continue to hire Millennials and Generation X personnel, the level of technical expertise increases while the types of communication tools change. In order to engage these employees, we intend to deliver awareness on policies through the both new and more traditional medium:

Blogs

Wikis

Podcasts

Text Messaging (Twitter and Tweets)

Vodcasts

Instant Messaging

eBooks

crowdSourcing

Flickr

Facebook

RSS Feeds

Webinars

Seminars

Webcasts

Interactive online courseware

Posters

Pamphlets

Email

Intranet

Mashups

The ability to deliver messaging in media that Millennials and Generation X employees prefer is a growth area. We intend to establish a high level of awareness creating momentum while sticking to an individual topic each month, seizing the opportunity to expand and contract as appropriate to each audience via multiple media options. We are examining solutions for a ‘create once publish many’ infrastructure enabling accurate and pointed messaging covering a broad range of topics from different perspectives, incorporating current security risks and topical news both within the company and in the marketplace.

We also intend on rewarding proper behavior surrounding identification and communication of issues. We are nearly ready to present the rewards program proposal to you for review prior to submission.

We see security policies as a method to communicate the corporate consensus of judgment that defines appropriate behavior for our employees. As per our recent discussion, this provides Human Resources the ability to act in response to inappropriate behaviors executing appropriate sanctions that are fair and within legal bounds since prosecution without policies can be problematic.

Through branding and integration of all medium into a coherent, consistent and instantly recognizable policy-based, campaign theme, we envision cultural change while reducing security risks. Not to be entrenched in a standard monthly message, we are working with the Help Desk to quickly identify security issues as they are logged using Blogs, RSS feeds and Twitters as methods to maintain internal issue currency.

We are establishing a Policy and Awareness Council that demographically represents the company. We are greatly interested in your participation as a co-chair for this council. I look forward to your feedback.