Industry Risk’s extensive background in security risk and business resilience translates to a substantial depth in associated disciplines. This puts us in an ideal position to deliver expert security training and exercises to develop individuals and teams in their roles, and by extension improve organisational capabilities.
Key Security Training Elements
Training needs will vary based on individual workforce demographics (i.e. who needs what training) and existing levels of awareness and competence. In a typical environment, skill levels will improve over time through increasingly advanced curriculum/subject matter, and of course through experience.
In support of this the key elements of training that should be considered include:
- Training needs analysis (this should be as detailed as is appropriate for the context).
- Senior stakeholder support.
- Development of baseline content requirements.
- Integration with other functional areas (e.g. Human Resources for maintaining records of training).
- Training policy(s) and procedures.
- A Master Training Schedule including demographics (e.g. Induction for everyone, specialist for security appointees, ad-hoc for targeted executives etc.)
- Testing methods.
Key Elements of Training Exercises
In this context the term ‘exercise’ is used in the broadest sense and includes theory, desktop, semi-live and full-scale live activities. The type of exercise that is most appropriate for the audience should be the subject of formal assessment, so that it does not under/overwhelm participants.
Each exercise should be tailored to the specific needs of the organisation and individuals, so as to gain the desired results from it. Key aspects that should be considered in every exercise include:
- The proposed purpose, objectives, scope and method.
- Early notification to lock in stakeholder availability.
- Date and venue.
- General approach.
- Planners and participants.
- Key tasks and timeline (including how lessons will be recorded).
- Participant Pack, Exercise Plan, Facilitator materials (e.g. slide deck) and Master Events List.
- Feedback mechanisms.
- Post-Event debriefing and report.
Security Training and Exercising Stages
Training and exercising are closely integrated components of security risk and resilience capability development for organisations. An exercise represents a training opportunity and should be planned for and treated as such.
Each activity should be coordinated and planned as part of a broader process that matches security training needs with exercise activities. The general stages involved in this should be reflected in a purpose-designed maturity model for security compliance reviews, which provides the basis for ongoing development of individuals and groups of stakeholders.
Reasons for Doing Security Training and Exercises
All organisations require some form of training to be performed in order to raise levels of capability and competence. With regards to security risk and resilience, the ultimate purpose relates to planning to minimise the effects of adverse consequences. This includes keeping employees and others safe and minimising disruptive event impacts on operations and reputation/brand and meeting minimum regulatory obligations.
The subject areas that may be canvassed within security training and exercises typically include:
Types of Security Training and Exercises
There are multiple methods available to achieve training and exercise objectives. Traditional options for the type of activities that may be conducted are detailed below:
Get in touch with Industry Risk today for more information about our Security Training and Exercises services, and how our experience and insights can help safeguard your organisation’s assets and operations.