It is my belief, and commonly the belief of my peers, that InfoSec Awareness and Training should be tailored to the target audience. InfoSec training is already typically an uninteresting topic that the recipient tends to have trouble grasping. Over-education can be almost as detrimental as under-education, as once the student reaches the saturation point, there is increased difficulty retaining more information.
Topics coming soon:
1) Separate InfoSec training for Staff, Faculty, and our Community. While faculty may simply need FERPA and general Red Flag training, staff need additional training in the realm of PCI, HIPAA, SOX, and more. Community based InfoSec training will cover topics needed to cover our home computing environment, such as smartphones, wireless routers, computer antivirus and more.
2) External resources for 'more information' about Cyber Security. Books, news columns
and websites devoted to spreading InfoSec awareness throughout the world.