The new critical frontier in the arsenal of defense controls for information assurance professionals is people, and that means every employee in an organization. Although not a new concept, it’s fast becoming the new defense to protect valuable information from identity thieves, hackers and industrial espionage experts (corporate spies). As the need grew over the years a new methodology was developed to help organizations, and is explained in this article to assist companies in designing, developing, implementing and maintaining an Information Assurance Learning Program (IALP). The acronym for this methodology is appropriately entitled, ACADEMICS. To help illustrate the methodology, in this series of articles, the topic will be presented in a dual approach: first by introducing the concept by stage and secondly, by supporting the concept with a case study of a large program developed for a global financial services company based in North America. The program ran for two years from concept to launch, then the accomplishment of the program’s initial training objectives, and then finally into ongoing maintenance.
It doesn’t matter what your area of expertise is within the various information assurance fields (Security, Privacy, Business Continuity, Compliance, Risk Management, etc.), or the topic you are developing it for, ACADEMICS is a flexible and extensible methodology that works for all needs. The methodology was developed drawing upon over 35 years of experience developing learning programs for the Department of Defense, Big 4 Consulting firms, IT service organizations, as well as Healthcare and Financial service companies in Canada and the United States.
In Part 2 of this series, I will be breaking down and discussing the activity within Phase I of the methodology, the Analysis Phase. This is also when we will begin introducing our case study to help bring the methodology to life for you for in-depth comprehension.
Please note, as a strong supporter of “community,” CIMA has contributed this methodology into a work project organized and led by the Information Security Leadership Forum (ISLF). Upon completion, the ownership of the intellectual property for the new and improved version of the methodology will be transferred to the ISLF. This video has been produced based on Blog article posted on the CIMA website, with permission. The text version can be see at: https://www.mycima.net/single-post/2017/03/26/Developing-an-Awareness-Training-Program-based-on-ACADEMICS—PART-1
CALL TO ACTION FOR MEMBERS: Its time to get involved. Join this important work group and contribute to the community!