Persistent training is a process in which you train and test users through ongoing simulations and supplemental training material. Simulated phishing, social engineering tests, and requests made through the ticketing system to do something against policy are all forms of tests that can be used for persistent training. The goal, of course, is not to see whether users will fail the test but rather to present an opportunity to exercise the users’ training and to follow up with supplemental training if users fail.
Keywords: Active Feedback; Security Personnel; Knowledge Retention; Flash Card; Supplemental Training