The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/411912
WWW.ILTANET.ORG 11 To create an effective security awareness program, remember the following goals: • Align the security awareness program with real business risks • Explain the critical importance of security to everyone in the firm • Design an ongoing program and not a single event • Set realistic expectations and consequences • Match the correct skills to each phase of the program • Ensure that sufficient funding is in place to implement the agreed-upon strategy • Create a program that is engaging and fun What follows is the start of a comprehensive guide on how to create an effective security awareness program. The entire guide is available online at iltanet.org/ SAT. GETTING A SECURE START It is critical to have the right people at the table early when building a security awareness program. Solid business decisions made in the beginning will be in effect throughout the project, and trainers need About the Authors Michelle Spencer, Senior Trainer of Information Management at Bracewell & Giuliani LLP, does curriculum development and coordinates firmwide training projects from the firm's Austin office. She has worked in various positions for Texas law firms since high school, always ending up helping and training people. For over 15 years, Michelle has been providing training and desktop support, and she believes in understanding the demands on her users, the work they do and speaking their language. Contact Michelle at michelle.spencer@bgllp.com. to hear about business goals directly from firm leadership and project stakeholders. Keep in mind that the actual program is not a one-and-done event: Security awareness is a behavior your firm must work on every day, and your trainer must hear this early and often. Trainers often follow an instructional design process known as ADDIE as a regular part of designing training materials and training events. ADDIE is an acronym for: • Analysis: Establishing the business reason for the training • Design: Writing learning objectives that meet the business objectives from the analysis phase • Development: Developing the training content • Implementation: When the learning happens • Evaluation: Reviewing development and delivery and continually improving the program Those familiar with project management will recognize parallel areas in project planning and can readily see the benefit of including training early and often in the overall process. Trainers will find it stretches their skills to do more up-front planning and collaborating with groups they do not work with regularly. Being a part of the team from the beginning will help the trainer move efficiently through all phases of the program development.