At the AIDE conference last week I had the chance to catch Bill “@oncee” Gardner’s talk on new Security Awareness Training Framework (SATF). Well … at least new to me. Started in late 2011 by K.C. “@k0nsp1racy” Yerrid, it’s goal is to create a free and open source framework that security practitioners can use and evolve. The SATF is still very much in it’s early phases of development and looks to become a very promising project in the near future.
As with any framework it’s goal seems to be to represent the universe of possibilities of anything and everything security awareness training related. With this space defined, the SATF has many uses such as allowing security pros to more easily identify gaps in current training programs or assist customers in defining training programs specific to their needs.
From the SATF website, it’s three main objectives are:
- Define the Components: Define the components necessary to deliver an effective security awareness program, including scenarios for specialized functions such as developer training and home user education
- Understand How People Learn Information Security Awareness: Study and leverage the delivery mechanisms and various learning styles of individuals to maximize effectiveness of information security awareness
- Develop Feedback Mechanisms & Standardized Reporting Metrics: Develop feedback mechanisms and establish candidate metrics to measure the effectiveness of security awareness programs at various levels of granularity
The SATF is also looking for help in taking it to the next level. You can participate by joining their Google Group, following them on Twitter, friending them on Facebook, and/or contacting them directly.
Here is the video by @oncee from AIDE with more information for anyone that’s interested.
#####
Today’s post pic is from SATFramework.org. See ya!
SATF – Security Awareness Training Framework https://t.co/KZZ2I6mUe8
Hi Grecs,
To be clear my work is separate and apart from the broader work being done by SATF. As I’ve said before my talks are more like a TV mini series while SATF is more like a major motion picture. SATF seeks to address many more issues and audiences that just building a Security Awareness and Training program for you business. While SATF might at some point adopt some of my work into SATF, that has yet to be seen.
oncee
#NoVABloggers SATF – Security Awareness Training Framework http://t.co/pPZT88QKXv
BLOGGED: SATF – Security Awareness Training Framework http://t.co/Wx62PCUPEZ
#NOVABLOGGER: SATF – Security Awareness Training Framework http://t.co/JQXVKKjhD4 http://t.co/cYHF0lcT4I
Cool, thanks for the clarification.
SATF – Security Awareness Training Framework – check out our post for more info http://t.co/CdUbsUByXu
SATF – Security Awareness Training Framework – check out our post for more info http://t.co/ZFsZmHWI4M