March 2010

Security Awareness Program Updates – Managing Program Changes

Consistent updates will assist you in managing change throughout the yearly life cycle of your security awareness program. It is imperative that you update your program to ensure that training/awareness/education deployments do not become stagnant and therefore irrelevant to the real emerging issues faced by the organization. A planned and consistent update program will also allow you to address changes in security policy, directives and procedures driven by new threats, technologies or legislation. We hope the following 5 steps will assist you in managing program changes:

1. The awareness program should be continuously updated as new technology and associated security issues emerge. The typical program refresh time is every 12 months, but changes in an organization’s policies or new emerging threats might dictate a shorter refresh cycle.

2. New training requirements will emerge as new skills and capabilities become necessary to respond to changes in technology and the overall security landscape. Look at implementing role-based e-learning, i.e., manager training for new and existing managers, IT admin training, etc.

3. Changes to the organization’s objectives and/or mission can also affect how best to design training content and methods. Review resources and determine what mix of e-learning, seminar and/or outsourced training is required, and balance training methods against both your current resources and budget.

4. Emerging trends and regulations/laws will also impact the type and extent of security awareness activities necessary to keep users educated about the latest threats and best practices.

5. New security directives will also drive the need to update and/or explore additional training methods or components.

HIPAA and data security breaches on mobile devices

According to American Medical News in the February 22 edition of their newspaper, one-third of health professionals store patient data on laptops, smartphones and USB memory sticks and only 39% of health care organizations encrypt data on mobile devices.

Provisions in the federal stimulus package have tightened HIPAA notification and enforcement regulations and have made HIPAA violations more costly. For example, the maximum civil penalty from the Dept. of Health and Human Services for a data breach occurring after Feb. 18, 2009, rose from $25,000 to $1.5 million.

Security experts recommend that the data be secured and encrypted, making it next to impossible for anyone who happens to find a lost device to read it. More importantly, users of corporate mobile devices need to be educated on their responsibility for the security of the devices provided by the organization and on the organization's policy for using them. Security awareness of the risks inherent in using mobile devices is essential and should be part of a consistent security awareness program.

CSI Survey Indicates An Even Greater Concern for Proper Security Awareness Training

The Computer Security Institute (CSI) released the 14th edition of its annual CSI Computer Crime and Security Survey in December 2009. Insight was gathered from 443 US-based respondents across both public and private sectors.

Respondents indicated they were not extremely happy with any of the technologies currently in use, and they felt there is still a lack of a comprehensive solution for monitoring and measuring what is going on.

Respondents also expressed even greater concern over a perceived lack of proper security awareness training for users at endpoints. An amazing 43.4 percent of them said that less than 1 percent of their security budget was allocated to awareness training, and 55 percent said current investments in this area were inadequate.

Twenty-five percent of respondents said more than 60 percent of financial losses came from accidental breaches by insiders, not external hacks, and 16.1 percent said 81 to 100 percent of all losses came from accidental breaches as well.

Why e-learning projects fail

What can possibly go wrong? Find some applicable e-learning that meets the needs of the organization, deploy, and away you go…right? Wrong. There are multiple factors one must consider when choosing to deploy an e-learning program. There are the direct outcomes, such as learner retention, sustainability, ROI, and both business and learner impact. There are also adoption considerations, such as relevance, acceptance and completion. You also need to factor in alignment considerations, such as approach, culture and problem definition. And finally, there are execution considerations, such as cost, quality, technology and time to delivery. The good news: if you know what lies ahead, it is easier to plan. Before starting your e-learning program, make a list of all the variables and plan in advance. Elearnity, the inspiration for this blog, has a great free presentation that is definitely worth reviewing at http://www.elearnity.com/EKCLoad.htm?load=byKey/DWIN82RLKF. Enjoy and be prepared.