
Enterprise Security Management System, Communications Strategy, Awareness Training Methodology


Page 1: Enterprise Security Management System, Communications Strategy, Awareness Training Methodology

The Path to ISO27k Certification

*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

Compiled by Mark E.S. Bernard, CRISC, CGEIT, CISM, CISSP, CISA, ISO 27001 Lead Auditor, PM, PA, CNA

Page 2

The Path to ISO27k Certification

Goals:

• Announcing

• Motivating

• Educating

• Informing

• Supporting decision making

Communications

Page 3

Communications

Page 4

The Path to ISO27k Certification

Awareness Training Target Audience:

• Network Engineers

• Database Administrators

• System Administrators

• IT Operations

General Audience:

• Corporate, Divisions

• External existing and potential customers

Communications

Page 5

Communications

Awareness Training Topics:

• Risk Assessment

• Asset Inventory

• Vulnerability Management

• Information Handling / Classification

• Incident Handling / Breach, Disaster, Continuity

• Defence-in-depth / Security Architecture

Page 6

Communications

Strategy

Page 7

Communications

Strategy

Page 8

Developing Lesson Plans for PARTICIPATORY LEARNING

Page 9

AGENDA

WHY DO WE NEED TO PLAN?

BENEFITS

GOALS

DESIGN REQUIREMENTS

GIVING & RECEIVING FEEDBACK

Page 10

LESSON PLANNING DEFINED

A lesson plan is a description of the sequence of activities engaged in by the instructor and learners in order to achieve a predetermined instructional objective. It includes a description of the instructional session, the aids, devices, and other resources required.

Page 11

LESSON PLANNING ELEMENTS

Basic details: title of the lesson, instructor, date, time, location, special arrangements, length of session, etc.

Method of bridge-in (motivation): explain why learning this will be useful.

Objectives: performance, i.e. what the learner will be able to do at the end of the lesson.

Pre-test procedure: test items, questions to check knowledge or understanding, behaviors to observe, assignment(s), task(s), etc.

Page 12

TEAM INSTRUCTION ROLES

Facilitator: The person who introduces the instructor and the learning objective, administers the feedback forms and initiates closure of the learning session.

Instructor: The expert who delivers the lesson and the instructions for learners, including the participatory learning session, and who moderates the verbal feedback session(s).

Page 13

WHO CAN BENEFIT

People from any content area who are committed to delivering high-quality instruction

People who would like to vary their teaching styles

New instructors who would like to learn from others with more experience

Experienced instructors who would like to share their experiences with others

Page 14

GOALS

• Write a useful, practical lesson plan

• Use instructional objectives to inform learners about what they are expected to learn

• Conduct a highly participatory classroom session

• Use common instruction aids competently

• Use good questioning techniques during classroom sessions

• Use simple techniques during lessons to test teaching

• Evaluate what has been learned in relation to your performance objectives

• Give objective behavioral feedback

• Feel more competent and confident as an instructor

Page 15

DESIGNING MINI-LESSON PLANS

Bridge-in: explains the value of the lesson to the learner and provides motivation.

Objective: what must the learner do, under what conditions, and how well?

Pre-test: identifies any prior knowledge and whether or not the learner can already accomplish the objective.

Participatory learning: the learner is as actively involved in the learning process as possible.

Post-test: determines whether the learner has indeed learned.

Page 16

THE 40 MINUTE MINI-LESSON CYCLE

Preparation (10 minutes): the facilitator consults with the instructor to select forms and discuss the points to be observed.

Lesson (20 minutes): the instructor teaches the mini-lesson to the other participants.

Written feedback (7 minutes): the facilitator hands out the selected feedback forms and provides directions.

Verbal feedback from learners (13 minutes): the facilitator conducts an oral feedback session, ensuring that the instructor receives and understands the comments of the participants.

Page 17

BRIDGING-IN

Example:

Lesson: Corporate Security

Topic: Firewalls

Bridge-in: Knowing how to configure a firewall correctly could be the difference between having a hacker access your organization's assets or simply receiving a message from your pager.

While it is the learner's responsibility to learn, bridging-in provides a meaningful link between the objective of the lesson and its value to the learners.

Page 18

INSTRUCTIONAL OBJECTIVE

An instructional objective is a statement indicating what the learners will be able to do at the conclusion of instruction.

Clearly defined objectives:

constitute a basis for the selection of instruction material, content or techniques;

create a basis for determining when the instructional purpose has been achieved;

provide the learner with the means to organize efforts towards accomplishment of learning tasks.

Page 19

INSTRUCTIONAL OBJECTIVE

Types of learning objectives:

Cognitive: intellectual outcomes

Psychomotor: new physical skills

Affective: attitudes, values, beliefs

Elements of well-defined objectives:

Performance: what will the learner have accomplished?

Conditions: under what conditions will the learner demonstrate mastery of the objective?

Criteria: what quality or level of performance is considered acceptable?

Page 20

PRE-TEST

The pre-test determines what the learners already know. This ensures that teaching begins at the right point in the subject material.

The pre-test can be an informal question-and-answer session or a more formal test given to each individual student.

Benefits for the instructor: it provides direction for the instructor, addresses learner over-confidence, clarifies the course objectives and focuses the students' attention.

Benefits for the learners: it allows learners to provide feedback, motivates learners and determines what learners do or don't know.

Page 21

PARTICIPATORY LEARNING

Whenever possible, instructors should endeavor to have students actively involved in achieving the desired outcomes.

Psychomotor skills are best mastered through repeated practice combined with feedback.

Concepts and theories frequently evolve as a result of discussion, debate, dialogue and other forms of testing ideas.

Changes in attitude result from the integration and synthesis of new information by the learners.

Page 22

POST-TEST

The type of testing we choose will depend on the instructional objective. The following are three types of learning along with relevant types of test questions:

Knowledge (knowing): multiple choice, true/false, matching, completing, short answer, identifying

Skill (doing): checklists, rating scales

Attitude (feeling): attitude scales, performance, essays

Page 23

MINI-LESSON PLANNER

Page 24

GIVING & RECEIVING FEEDBACK

You can best benefit from your mini-lesson if you receive clear feedback. This requires an open and caring environment in which fellow participants feel comfortable offering honest feedback, motivated by your willingness to receive it.

Feedback helps learners to consider changing their habits

Feedback assists learners by keeping their behavior on target with goals and objectives

Feedback helps the instructor to measure how well the learners are coping with the chosen method of instruction

Page 25

GIVING USEFUL FEEDBACK

Constructive feedback:

• Is descriptive rather than evaluative

• Is specific rather than general

• Considers the needs of both the receiver and the giver

• Is directed toward behavior that the receiver can change

• Is solicited rather than imposed

• Is well-timed

• Is checked to ensure it was clearly communicated

Page 26

RECEIVING FEEDBACK

Ask for specific information

Paraphrase what you hear

Make eye contact with the giver

Accept all feedback initially

Ask for specifics if unclear

Give honest, experiential responses

Focus on the positive

Determine importance

Separate feeling from content

Page 27

MINI-LESSON PLAN EVALUATION

Page 28

Mark E.S. Bernard, CISSP, CISM, CRISC, CISA, CGEIT, CNA

Skype: Mark_E_S_Bernard

Twitter: @MESB_TechSecure

LinkedIn: http://ca.linkedin.com/in/markesbernard