
CSI Survey Indicates An Even Greater Concern for Proper Security Awareness Training

The Computer Security Institute (CSI) released the 14th edition of its annual CSI Computer Crime and Security Survey in December 2009. Insight was gathered from 443 US-based respondents across both public and private sectors.

Respondents indicated that they were not particularly satisfied with any of the technologies currently in use, and they felt there is still no comprehensive solution for monitoring and measuring what is actually going on in their environments.

Respondents also expressed even greater concern over a perceived lack of proper security awareness training for users at endpoints. An amazing 43.4 percent of them said that less than 1 percent of their security budget was allocated to awareness training, and 55 percent said current investments in this area were inadequate.

Twenty-five percent of respondents said that more than 60 percent of their financial losses came from accidental breaches by insiders rather than from external attacks, and 16.1 percent said that 81 to 100 percent of all their losses came from such accidental breaches.

Learning to tie your shoes

I purchased a new pair of runners for my 7-year-old and these had laces. I had taught him to tie his shoes in kindergarten, but with most of his shoes and boots having Velcro, I did not realize that the lesson taught in kindergarten had not stuck. I was both shocked and dismayed to realize that my Grade 2 child did not know how to tie his shoes! As a parent I also had that wonderful "guilt" feeling that goes along with realizing that I probably didn't do a very good job initially, as I was in a rush (as always) and should have spent more time having him practice so that he retained the knowledge. I also should have bought him more shoes with laces!

So...how does this relate to security awareness? Like any type of training or learning, if a person does not practice what has been learned, it is not retained. Security awareness is even more difficult, since we are ultimately trying to change behavior. Individuals are already set in their ways of performing their various job tasks throughout the day, and security awareness is about changing the way those tasks are performed. Teaching a security awareness class once a year and providing no other reinforcement or communication on the subject will not sufficiently change the behavior of your end users.

Not putting aside enough time as an educator to ensure that your security awareness program is planned and supported properly will lead to additional stress, guilt and ultimately to the failure of the awareness program.

So...what do we do? We must ensure that awareness is delivered in small, bite-sized amounts that are easily digestible, and then follow up with reinforcement tools or methods, e.g., posters, newsletters, video clips, spot checks or walkabout reminders that catch people doing what was taught, correctly or not. Providing continuous training throughout the year aids retention. Providing rewards and/or encouragement both for completing the training and for the resulting change in behavior will give you a better and more widely accepted security awareness program.

Justifying e-Learning

e-Learning can deliver enormous effectiveness gains to an organization. But how do you justify the initial investment, and how do you ensure that learning is aligned with the company's business goals?

Almost everyone realizes that e-Learning provides convenient 24/7 access to learning, significant cost savings, reduced time away from the job, centralized knowledge management and built-in ease of use in terms of student enrollment, course management and tracking.

However, telling managers about the benefits of e-Learning is not enough. They need to understand that e-Learning can solve one or more distinct business problems. How can you tackle this?

1. Establish a baseline measure of current performance, and clearly indicate how performance will be tracked and reported. Management is looking for results. You need to show them the results.

2. What is management willing to accept as persuasive evidence that the program produced the agreed-upon result? Establish these results guidelines with management prior to starting your e-Learning program.

3. Establish a link between a particular skill deficiency and a particular business outcome. The process of tracking learning results starts before any learning takes place.

4. Determine what major skill gaps and learning deficiencies are potentially holding the company back.

5. Estimate the expected dollar value to be gained by eliminating the deficiency.

6. Get agreement on the expected outcomes, how they will be measured, and what constitutes good performance.
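The six steps above describe a measurement loop: a baseline, an agreed definition of "good performance", and a dollar estimate for closing the gap. The following is an added example, not code from the article, showing one way to carry that loop out for an awareness program. It assumes (as the article does not state) that the measured behaviour is the click rate in quarterly simulated-phishing campaigns, that the first quarter is the pre-training baseline, that management has agreed in advance on a minimum relative reduction in click rate, and that the dollar value is estimated with a simple annualized-loss-expectancy model in which phishing incidents scale with the click rate. All campaign figures, thresholds and costs are constructed for illustration.

```python
"""Measure an awareness program against an agreed baseline (added example).

Assumptions (not from the article): quarterly simulated-phishing campaigns
are the measured behaviour, the first campaign is the pre-training baseline,
and expected savings follow a simple annualized-loss-expectancy model.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class CampaignResult:
    """One simulated-phishing campaign: messages sent, clicked, and reported."""
    quarter: str
    sent: int
    clicked: int
    reported: int


# Constructed sample data. 2010-Q1 is the baseline measured before training;
# later quarters follow bite-sized training plus ongoing reinforcement.
SAMPLE_RESULTS = [
    CampaignResult("2010-Q1", sent=400, clicked=112, reported=20),
    CampaignResult("2010-Q2", sent=400, clicked=76, reported=48),
    CampaignResult("2010-Q3", sent=400, clicked=52, reported=96),
    CampaignResult("2010-Q4", sent=400, clicked=40, reported=132),
]


def click_rate(result: CampaignResult) -> float:
    """Fraction of recipients who clicked the simulated lure."""
    return result.clicked / result.sent if result.sent else 0.0


def report_rate(result: CampaignResult) -> float:
    """Fraction of recipients who reported the lure (the behaviour we want)."""
    return result.reported / result.sent if result.sent else 0.0


def relative_reduction(baseline: CampaignResult, current: CampaignResult) -> float:
    """Step 1: how far the click rate fell relative to the baseline (0.0 .. 1.0).

    A baseline of zero clicks leaves nothing to reduce, so it reports 0.0
    instead of dividing by zero.
    """
    base = click_rate(baseline)
    if base == 0.0:
        return 0.0
    return (base - click_rate(current)) / base


def meets_target(baseline: CampaignResult, current: CampaignResult,
                 min_reduction: float) -> bool:
    """Step 6: 'good performance' as agreed with management up front,
    expressed as a minimum relative reduction in click rate."""
    return relative_reduction(baseline, current) >= min_reduction


def expected_annual_savings(baseline: CampaignResult, current: CampaignResult,
                            incidents_per_year: float,
                            cost_per_incident: float) -> float:
    """Step 5: expected dollar value of the observed behaviour change.

    Assumed model: incidents per year scale with the click rate, so the
    avoided annualized loss is the baseline ALE times the relative reduction.
    """
    baseline_ale = incidents_per_year * cost_per_incident
    return baseline_ale * relative_reduction(baseline, current)


def program_report(results, min_reduction=0.5,
                   incidents_per_year=12, cost_per_incident=25_000.0):
    """Steps 1 and 2: one row per post-baseline quarter, in the form that
    was agreed as persuasive evidence before the program started."""
    baseline = results[0]
    rows = []
    for current in results[1:]:
        rows.append({
            "quarter": current.quarter,
            "click_rate": round(click_rate(current), 4),
            "report_rate": round(report_rate(current), 4),
            "reduction_vs_baseline": round(relative_reduction(baseline, current), 4),
            "meets_target": meets_target(baseline, current, min_reduction),
            "expected_annual_savings": round(expected_annual_savings(
                baseline, current, incidents_per_year, cost_per_incident), 2),
        })
    return rows


if __name__ == "__main__":
    print(f"baseline {SAMPLE_RESULTS[0].quarter}: "
          f"click rate {click_rate(SAMPLE_RESULTS[0]):.2%}")
    for row in program_report(SAMPLE_RESULTS):
        print(row)
```

Both the threshold (`min_reduction`) and the loss model are deliberately parameters: step 6 only works if those values are negotiated with management before the first campaign runs, not chosen afterwards to make the numbers look good. The report rate is carried alongside the click rate because the behaviour the training is trying to create (users reporting suspicious mail) is at least as important as the behaviour it is trying to remove.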