Security Awareness Learning and User Education Platform

The Vendor is required to provide a software system to educate its users on best practice security awareness as well as provide an integrated testing platform to educate users on recognizing phishing, spoofing and business email compromise (BEC) attacks through commonly used platforms such as email.
- The platform solution must be able to provide security media using diverse modalities, including posters, videos, and configurable email-based tips.
- This requires that the platform provide content that is capable of quickly providing information and training on evolving threats as well as up to date best practices. Designed to fit various communication venues such as email tags, Intranet articles of interest.
- The intended outcome is to heighten user mindfulness of the tactics used by bad actors to infiltrate the corporate computing environment and to deceive workforce members into providing information that will enable such infiltration.
- Ability to create custom content, including unique multi-media content, which can be uploaded and integrated into the education platform. Custom content must be able to be delivered via SCORM in a continuous format.
- Ability to brand content and append content with disclaimers (or additional information) meant to enhance the relevance of the training with County policy or guideline information and references.
- Content delivery format and length should be varied, from micro training of ~5 minutes to more comprehensive training lasting 30-45 minutes or more.
- Solution should be able to provide different levels of training (basic users, intermediate, IT professionals, and management). The training for different levels must include a variety of content and options.
- Ability to create training campaigns and validate training effectiveness through direct phishing, BEC, impersonation simulations.
- Platform should incorporate modern techniques of immersive user interaction including gamification, and fully interactive scenario-based training that resonates with users to maximize content delivery and retention.
- Platform should deliver measurable behavior change.
- Ability to decentralize management of training and phishing campaigns by department in a tenant-like environment or through role-based access controlled (RBAC) environment while also maintaining the role of platform wide administration and reporting.
- Platform should provide suggested areas for improvement based on test results.