Security and Privacy in a Networked World/Training: Herding cats

Intro

Awareness training - some possible topics

Generic

Main technologies

Special groups to train

IT staff - those actually in charge of technology, including administrators, developers, support/helpdesk etc. While these employees tend to be more knowledgeable about IT risks, lax attitudes towards security is a common problem (Estonians may recall the case with Eesti Telefon - it was leaked to the media that their main server's admin password was "kala" (fish)...). Training should generally focus on actual examples and be clearly connected to the security policies present.
Higher management - can be especially difficult to train due to their limited time resources and sometimes also mixed attitudes (reluctant to learn, feeling being 'above the law' etc). Should especially focus on social engineering, mobile/travel/cloud and data security, but also reach adequate knowledge of common applications usage (e.g. e-mail). Also, clear connections to security policies and stressing their universality (i.e. everyone must comply) may help.
Service staff (janitors, drivers, couriers etc) - a major target for social engineers, therefore the training must focus on recognizing and neutralizing SE-based attacks. However, with training these people can be valuable in countering threats due to their mobility and "low profile" image ("just a janitor - he is supposed to be there").

Environment

Study and Blog

Pick a topic above (e.g. passwords or social networks) and write a short awareness training programme for your colleagues (those who do not work may use a fictional company).