The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/411912
PEER TO PEER: THE QUARTERLY MAGA ZINE OF ILTA BEST PRACTICES 12 SPENDING THE RIGHT TIME ON ANALYSIS Analysis is critical when building a program to affect a behavior. To affect behavior, people must hear the "why" and not just the "how." Without communicating and understanding the "why," there is little chance the security awareness program will make a difference. People also need to know what's expected of them. The project team and the trainer must document the business objectives and expected results so both stay front and center during the rest of the program development. They also need some early approval from the target audience in order to make design decisions for the program. Because technical trainers rarely spend a lot of time in analysis for routine technical classes, the rest of the team must help the trainer give the right amount of attention to this phase. Too little time, and important business objectives are missed. Too much time, and the trainer is stuck in analysis paralysis. View the comprehensive guide for tasks to target for analysis, including why they are important and what questions to ask. DESIGNING THE PROGRAM Armed with the analysis information, the design phase begins. The first and most important task will be developing learning objectives. Those come directly from the business objectives documented in the previous phase. In the online version, we walk through the development of both high-level and task-level learning objectives. The remaining tasks are critical to establishing the foundation and direction of the remaining phases. In the design phase, you will: • Translate business objectives into learning objectives • Define goals for each aspect of the program • Define roles and responsibilities • Develop high-level design and format for the learning content • Prioritize the pieces of the program • Define budget and authority Consider how much information is being shared at any given time. You might wish to initially focus on the less obvious security threats with the biggest impact. Focus on one or two vital behaviors that will drive most of the change, such as user awareness or a "stop-and-think- before-reacting" practice. Too often, organizations try to cram everything into a once-a-year program and overload the learner, which leads to poor retention. It is possible to begin rolling out the program with priority topics, while also continuing to develop work on additional or advanced topics, so long as the firm has identified and assigned resources. Next, consider the audiences and the types of material created for each, and document early ideas. Don't forget specialty practice groups with clients that deal with mandated regulations and policies requiring special attention. Consider the possibility that some topics are best understood in a classroom-type event, and others are better addressed by providing e-learning content. Most important, consider how you can deliver the topics in an engaging way. Think beyond the classroom and e-learning, and consider posters, townhall events, practice group meetings, Don't forget specialty practice groups with clients that deal with mandated regulations and policies requiring special attention. a video from the managing partner, stories of real experiences by people in the firm, or even adding gamification elements to your program. Scavenger hunts or rewards for identifying either breaches or good security practices can make the program more engaging for some. BUT WAIT, THERE'S MORE For more examples and additional information on developing your own security awareness training program, view the comprehensive guide online at iltanet.org/SAT. Content includes the development of materials, whether to do so in-house or outsource, motivational factors to consider, implementing the program, evaluating the program and post-implementation considerations.