Training/Metrics FAQs

What does VST training and awareness cover?

Loptr provides customized training for your staff. Most regulations (like HIPAA and PCI DSS) require general security training for everyone and extra security training for people with specialized roles – we provide both. Our “Year 1” sessions usually cover workforce security, policies and procedures, social engineering, and IT risk. Our team creates tailored, 10-15 minute videos for each topic but we can provide “live” training for your team if you prefer.

We also give you new awareness materials every month. Awareness might seem like a small thing but your workforce is your first line of defense and keeping security top-of-mind is critical. VST clients often identify Loptr’s awareness materials as the most important factor in early detection of security events. Our awareness materials include digital images (in HD and WXGA formats for screen savers, backgrounds, and video displays), printed posters, email messages, and intranet content.

For the 12-month VST, we include 4 training videos and 48 awareness reminders; for the 3-month VST, we include 1 video and 12 reminders.

What is a program dashboard?

The dashboard on your car quickly tells you what you need to know to operate your car. A security program dashboard should do the same for your security program.

Loptr works with you to select the key metrics you need to monitor your security program. The dashboard provides a high-level view of security activities for executives, IT, and staff. If you have regulatory drivers like HIPAA or PCI DSS, we can add a compliance tab to the dashboard to provide an “audit readiness” view, too. If you use Splunk, we provide an app that you can use to maintain the security program dashboard on your own Splunk server.

Where do the metrics for a dashboard come from?

Loptr’s approach to security dashboarding adopts ideas from NIST SP 800-55, Performance Measurement Guide for Information Security. We work with you to select a combination of implementation, effectiveness, efficiency, and impact metrics that are broad enough to cover your program but attainable enough that you can collect the data.