At the AIDE conference last week I had the chance to catch Bill “@oncee” Gardner’s talk on new Security Awareness Training Framework (SATF). Well … at least new to me. Started in late 2011 by K.C. “@k0nsp1racy” Yerrid, it’s goal is to create a free and open source framework that security practitioners can use and evolve. The SATF is still very much in it’s early phases of development and looks to become a very promising project in the near future.
As with any framework it’s goal seems to be to represent the universe of possibilities of anything and everything security awareness training related. With this space defined, the SATF has many uses such as allowing security pros to more easily identify gaps in current training programs or assist customers in defining training programs specific to their needs.
From the SATF website, it’s three main objectives are:
- Define the Components: Define the components necessary to deliver an effective security awareness program, including scenarios for specialized functions such as developer training and home user education
- Understand How People Learn Information Security Awareness: Study and leverage the delivery mechanisms and various learning styles of individuals to maximize effectiveness of information security awareness
- Develop Feedback Mechanisms & Standardized Reporting Metrics: Develop feedback mechanisms and establish candidate metrics to measure the effectiveness of security awareness programs at various levels of granularity
The SATF is also looking for help in taking it to the next level. You can participate by joining their Google Group, following them on Twitter, friending them on Facebook, and/or contacting them directly.
Here is the video by @oncee from AIDE with more information for anyone that’s interested.
Today’s post pic is from SATFramework.org. See ya!