CASTLE

Our Cyber Security Awareness and Training Methodology

Acronyms

Should we have created an acronymic name for our cyber security awareness and training methodology?  Maybe not, but we did it anyways.

Acronyms are beloved by IT, healthcare, finance and cyber security professionals alike.  Indeed, every industry has its acronyms, each uniquely helpful, albeit sometimes unnecessary and forced.

Our Acronym is: CASTLE 

Cyber Awareness and Security Training Learning Experiences

To our surprise this acronym has not yet been taken, so we ran with it.  Seven words (one being “and”) describing what we create for our clients.  In this acronym, the words we are most concerned with are not “Cyber” or “Security”. Rather, we are most concerned with “Learning Experiences.” 

Building a CASTLE 

CASTLE is an empathetic methodology which clearly defines the cyber security knowledge, skills and attitudes shared by every employee in order to keep your business safe.

In fact, CASTLE is built upon the vision of LastLine Cyber, creating “An environment where everyone protects information assets and cyber security is prioritized.”  

Additionally, utilizing threat intelligence, we built this methodology to address and help organizations defend against the most pressing cyber risks facing society. 

Components 

There are two main components of the CASTLE methodology, each relating and reinforcing one another, but distinct in delivery. 

  1. Cyber Security Awareness Programs 
    • Goal: Get people talking about cyber security.  Essentially, an awareness program is successful when people have the knowledge needed to combat cyber threats, and an understanding of their role in cyber incident prevention. 
    • Delivery: 
      • Baseline Organizational Awareness Assessment 
      • Customized Instructor Led Awareness Forums 
      • Thought Provoking Experiential Exercises 
      • Phishing Simulations 
      • Physical Security Simulations 
      • Easy to Understand Reporting 
      • Constructive Feedback for Offenders 
      • Custom Company Branded Cybersecurity Awareness Posters 
      • Security Policy Signage 
      • Curated Company Specific Knowledge Base 
      • Informative Content Delivery via Email 
      • Unlimited Access to Our Experts 
  2. Cyber Security Training
    • Goal: Imparting skills needed for each employee to defend against the constant presence of cyber threats. 
    • Delivery:
      • Mixed media training modules delivered via email covering: 
        • Phishing 
        • Passwords 
        • Safe Web Browsing 
        • Social Engineering 
        • Data Security 
        • Malware 
        • Mobile Devices 
        • Physical Security 
        • Removable Media 
        • Working Remotely 
      • Quick quizzes to assess retention of cyber security lessons. 

Specifically, all lessons take less than 10 minutes to complete and are delivered via email (fitting right into your workflow).

Creating a Cyber Awareness and Security Training Learning Experience 

Walt Disney created Disneyland in 1955 and opened Disney World in 1971.  Disney has been doing okay ever since… well, more than okay.

The parks allow us to experience the worlds in which many of our favorite characters live. Furthermore, everything going on in these two parks is tailored around the experience of the attendee.

You always feel completely immersed in whatever section of the park you find yourself.  From the food, to the scenery, to the décor. 

Surprisingly, you never see the trash being taken out. 

You never hear any announcements over a loudspeaker, breaking immersion. 

Likewise, actors never break character. 

We’re no Walt Disney, but we have tried our best to create an experience unique to LastLine Cyber Customers.  And like Disney, we too have a CASTLE.  So, what does the CASTLE methodology feel like? 

It doesn’t feel like Disneyland or Disney World unfortunately… but it does feel different from many learning platforms concerning cyber security. 

If Walt Disney’s goal was to have people experience “The happiest place on earth” then LastLine Cyber’s goal is to give people “The best content delivery they’ve ever experienced.” 

We do this by following a few rules to keep Cyber Defense Simplified: 

  1. Don’t Make Things Complex
  2. Respect Prior Experience  
  3. Embrace Individual Differences
  4. Build Knowledge Slowly 
  5. Reinforce Knowledge Consistently
  6. Implement Feedback Regularly 

There is no “one size fits all” approach to cyber security training.  For example, each company has a unique culture, and we think that’s a wonderful thing.  What’s important is consistency.  Our message is that cyber security is too important to not prioritize. 

Therefore, if we’ve done our job well (which we do), learning cyber security skills will feel less like a chore, and more like a positive experience. 

The Mind and the Material 

We looked at current approaches to implementing organizational security awareness and training… and then we fell asleep. 

Nobody likes dry content, so we spiced it up.  Nobody likes required training, so we made it entertaining.  

Additionally, people learn best when they associate positive experiences with subject matter.  To emphasize, we consult with psychologists and educators, building cyber security awareness and training programs which feel genuine, relatable and applicable. 

LastLine Cyber helps companies create cyber secure cultures by ensuring that every employee is both aware of the real risks associated with cyber security threats and trained to defend the company against them. 

Working alongside top management, we drive real cultural change to a security focused employee population.  Executives are empowered to build security into the fabric of their organizations because we have made it easy to understand the importance of cyber security as it relates to organizational performance. 

The awareness component of the CASTLE methodology gives everyone the knowledge and attitudes needed to approach cybersecurity incident prevention; the training component gives you the skills to keep your organization safe. 

Steps to creating a cyber security learning experience

  1. Establish Conceptualization 
    • By citing real-world examples of situations relatable to cyber security concepts, we allow our audience to make connections to those concepts naturally.
  2. Introduce Topic 
    • Once conceptualization is established, we introduce the cyber security concept.  Only our introduction is prefaced by a relating scenario. 
  3. Introduce Relation 
    • The relationship between the concept and ACTION (what do we need to do to keep ourselves secure) is further explored. 
  4. Reinforce Relation 
  5. Establish Understanding (Knowledge, Skills, Attitudes) 
  6. Prove Retention (Quizzes, Phishing Simulations) 
  7. Collect Feedback 
  8. Reward 
  9. Revise

These steps include both the cyber security awareness and training components, together creating a situation where people understand how the knowledge, skills and attitudes towards cyber security are incorporated into their jobs every day.

In other words, the only way people will take cyber security training seriously is if they know what is at stake (no matter which level of employee) and how the evolving cyber threat landscape creates risks which can put their jobs and the company in jeopardy.

In short, the CASTLE methodology intentionally creates positive cyber security learning experiences.  Ultimately, we would love to experience that with you. 
