Security & Privacy Awareness and Competence Testing
The Privacy Awareness and Competence Testing program for information security was created using the Kaspersky Automated Security Awareness Platform (K-ASAP) for the TRAnsparency, Privacy and security for European citiZEns (TRAPEZE) initiative. TRAPEZE is an international educational project that received funding from the EU Horizon 2020 program, with the aim of enhancing the knowledge on information management. This project caters mainly to senior citizens residing within the EU, but individuals of at least 18 years old may participate regardless of age.
Security & Privacy Awareness and Competence Testing is a training course spanning 8 topics:
- Passwords & Accounts
- Websites & the Internet
- Social Media & Messengers
- PC Security
- Mobile Devices
- Personal Data
The platform’s primary language is English, with a secondary option for French. In our localization process, we take into account the cultural subtleties of each region to tailor the content effectively. Therefore, we do not rely on literal translations but adapt both text and visuals to create a seamless experience for our users.
Each topic consists of 9–14 lessons, broken down into two difficulty levels. Each lesson is presented as interactive slides (theory, test, etc.) focusing on a specific aspect of the topic.
In addition to lessons, the platform also includes final tests that users must pass after each level, as well as a number of informative study guides. The total volume of material in the TRAPEZE Security & Privacy Awareness and Competence Testing project is about 230,000 words (for comparison, The Forsyte Saga is roughly 120,000 words).
My role on the TRAPEZE team
General management of content development
Since September 2018, I’ve been managing the team responsible for creating Kaspersky ASAP content, including lessons, interface, phishing emails, etc. Thus, I led the development of a comprehensive topic plan for the TRAPEZE and oversaw the entire process of content production and localization.
In 2021–2022, I released the current version of the competency model with necessary skills dispersed between platform topics, levels and lessons.
I personally wrote the following topics for the platform:
- Passwords & Accounts — 10 lessons, 2 final tests, 2 study guide emails and a simulated phishing attack;
- Email — 12 lessons, 2 final tests, 2 study guide emails and 2 simulated phishing attacks;
- Websites & the Internet — 12 lessons, 2 final tests and 2 study guide emails;
- Social Media & Messengers — 13 lessons, 2 final tests, 2 study guide emails and 2 simulated phishing attacks;
- PC Security — 11 lessons, 2 final tests, 2 study guide emails and 2 simulated phishing attacks;
- Mobile Devices — 14 lessons, 2 final tests, 2 study guide emails and a simulated phishing attack;
- GDPR — 9 lessons, 1 final test and a simulated phishing attack;
- Personal Data — 9 lessons, 1 final test and a simulated phishing attack.
The topics were developed by revising the core K-ASAP topics to conform with the TRAPEZE program’s specifications. The new lessons deliberately omit professional contexts and instead concentrate solely on supplying practical knowledge for daily life situations.
Each lesson consists of 10-20 slides, including introductory slides, theory, question slides, conclusion slides, etc.
Introductory slide example:
Theory slide examples:
Question slide example:
Conclusion slide example:
To confirm the material was actually learned at the end of each level, trainees take a test with 10-15 questions. Main test page example:
Question slide examples:
After each level, trainees are emailed a study guide with a summary of what was covered in the lesson. Email example:
Based on the results at certain levels, trainee skills are also tested via simulated phishing attacks. Phishing email example from level 1 of the Passwords and Accounts topic:
The system also has a number of interface emails for training managers and trainees, including a welcome email, program completion email, training statistics emails, topic certificates, and more.