How to Provide Security and Compliance Training to Diverse Workforces

By Barry Cooper  |  Posted 2010-06-01
To prevent data breaches, enterprises often strengthen their IT systems and implement policies that prevent employees from accessing information they don't need. However, the one step enterprises often overlook is properly training their large, round-the-clock workforces on how to integrate security and compliance-focused habits into their everyday job roles. Here, Knowledge Center contributor Barry Cooper explains why regulated enterprises need to make training a part of their security initiatives and how enterprises of all types can implement affordable and effective security training to worldwide workforces.

Your IT security team has done due diligence in hardening your organization's IT infrastructure to align it with the latest regulations. You've deployed state-of-the-art Data Loss Prevention (DLP) and intrusion prevention systems (IPSes), firewalls, and antivirus and antimalware solutions. And you have personally overseen all recent compliance audits. You think you can now rest easy; after all, you've raised your organization's security and compliance posture to the highest level possible.

But, suddenly, your world is turned upside down after reading a letter from a credit card company informing you that it believes your organization is the victim of a breach that has compromised payment card information on millions of your customers. You wonder, "How could this be? We've taken every precaution possible!"

Several months later, a time-consuming and expensive forensic audit reveals that cyber-criminals penetrated your network using an employee's user name and password. It's possible that the criminals obtained the password because the employee opened up a document rigged to take advantage of a zero-day exploit.

In this case, it took only one oblivious employee, one who had no understanding of how important it is to avoid opening attachments from unknown and unverified sources, to reduce your IT security infrastructure to the equivalent of an unlocked door with a red blinking sign that reads, "Come on in and take our cardholder data!"

To prevent data breaches and security incidents, organizations operating within regulated environments spend years continually hardening their IT systems and controlling access to information so that employees, customers and business partners only have access to what they need to do their jobs. However, with all of the effort put into information security strategies, one step is often overlooked: training.

Hardening your IT systems without training employees leaves a gaping security hole. Training employees on the latest standards and best practices, on how to integrate information security and compliance-focused habits into their everyday functions, and on how to recognize suspicious behavior is a critical component that should be part of any information security strategy.

Unfortunately, training is expensive and resource-intensive. It is no simple task to create a training curriculum, prepare materials (and keep them updated), and then ensure that the training is available around-the-clock to meet the schedules of employees who may be located throughout the world.

Barry Cooper is Vice President of Training Services at FishNet Security. Barry has over 20 years of experience in IT. He has designed and provided training for technical courses for over 15 years. He has significant expertise in systems analysis, programming, and network engineering. Barry is responsible for security education services, operations, management and leadership of the FishNet Security's training organizations. In addition, he manages vendor, security and distance learning product development. Barry has over 70 high-level security and technical certifications including CISSP, JNCI (Juniper instructor), CCSI (CheckPoint instructor) and CTT+ (Certified Technical Trainer). He is a member of the American Society for Training and Development (ASTD) and the United States Distance Learning Association. Barry earned a Bachelor's degree in Organizational Leadership from Calvary Bible College and is currently pursuing a Master's degree in education. He can be reached at barry.cooper@fishnetsecurity.com.