Key Criteria for Evaluating Security Training Solutions v1.0

An Evaluation Guide for Technology Decision-Makers

Table of Contents

  1. Summary
  2. Security Training Primer
  3. Report Methodology
  4. Decision Criteria Analysis
  5. Evaluation Metrics
  6. Key Criteria: Impact Analysis
  7. Analyst’s Take
  8. About Jamal Bihya

1. Summary

When a security breach occurs, there’s a high probability that it originated in negligence, a lack of information, or an under-trained employee or group of employees. As such, it’s imperative that organizations deploy the best technological tools to protect company assets.

But technology is just one step in building an organization’s cybersecurity strategy. The next—and arguably more important—step is raising awareness, changing employee behavior, and changing company culture around actions that could endanger the company’s security. This involves training and educating employees and business partners on the cybersecurity issues and risks that threaten company assets and the financial, reputational, and legal consequences that may result from a breach.

And this is all the more difficult nowadays because employees and business partners can work from anywhere, at any time, using all kinds of devices; and the diversity of employees’ backgrounds and cultures can challenge security awareness and training content designers.

Implementing a security awareness and training (SA&T) program to mitigate the risks associated with the human factor becomes a cornerstone of a company's countermeasures against attacks on its assets. The program must be based on the policies of the company and on the general recommendations of the National Institute of Standards and Technology (NIST) and other standards bodies. The program must also consider the risk profiles associated with different categories of employees and business partners.

Different levels of security training should be considered depending on the target population: from general training for the majority of on-site and remote employees and contractors to instruction on specific technological tools for subject matter experts.

This GigaOm Key Criteria report details the capabilities (table stakes, key criteria, and emerging technologies) and evaluation metrics (non-functional purchase drivers) for selecting an effective SA&T solution. The companion GigaOm Radar report identifies vendors and products that excel in those criteria and metrics. Together, these reports provide an overview of the category and its underlying technology, identify leading SA&T offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.