About the Security Awareness Technical Framework

The Security Awareness Technical Framework is the result of a collaboration of information security practitioners that are deeply interested in solving the slippery slope of security awareness training. Its hyper-personalized, analytical approach is intended to identify training opportunities in the domain of information security awareness by embracing the fact that most people partaking in information security awareness training are shoehorned into a method of teaching that they may not be compatible with. For instance, many security awareness training programs feature lengthy Powerpoint presentations, or in some cases games using cartoon characters to stimulate learning. With a fundamental assumption that users have unique learning styles and may not be amused with current delivery methods; therefore, actively resist the training curriculum, the Security Awareness Technical Framework seeks to remove the barriers and provide concise, age-appropriate training opportunities.

The Security Awareness Technical Framework will initially focus on these primary goals:

• Define and codify the entities and relationships between people, training topics, learning styles, training history, and learning outcomes.
• Study and identify weaknesses in current training approaches to improve learning outcomes.
• Produce relevant learning paths and curriculums for people of all ages and occupations.

The Security Awareness Technical Framework, at its core, will consist of an open source graph database written in Neo4j. Its application layer will be built on Python and py2neo, and the presentation layer will utilize Javascript and JSON to render the graphs in a web browser.

The Security Awareness Technical Framework idea was founded in 2011 by K.C. Yerrid in response to the presentation entitled, “Your Perimeter Sucks” by Boris Sverdlik.