How to Build a Holistic Information Security Learning Program for Your Organization
March 24, 2021

The security of our information systems is now a number one priority. We can no longer imagine a society without the luxuries of technology. These technologies are powered by information systems that need to be secured. Whether you are trying to secure a multibillion-dollar company, a government institution, or a small one-person business, everyone should start taking security seriously.

According to the NIST publication SP 800-50, there are three steps that lead to an effective security program. This program targets everyone in the organization at different levels and functions.

For Everyone.

Through an awareness program, everyone should gain a basic understanding of information security and know what to do in case of a security event. Awareness is about helping people know what to do, not necessarily understanding how security works.

“Awareness is not training. The purpose of awareness presentations is simply to focus attention on security.” The Awareness program is intended to allow individuals to recognize IT security concerns and respond accordingly.

The awareness program should be based on key aspects of the organization’s information security policy. The information should be adapted to suit the needs of everyone within the organization, from the top of the organization to the lowest level. Therefore, everyone within the organization should be provided with a security awareness program.

All IT System Users

All users of the information systems should be provided with basic information security training. This is in addition to the security awareness program for everyone. The security awareness program tells people not to click on a link in an email from an unknown sender but to delete it. But how does the user go about deleting this email securely? Therefore, these users should be trained to carry out the recommendations in the security awareness program.

Any user exposed to the organization’s IT systems should be provided with basic information security and literacy training. The main difference between an awareness program and training is that training is more formal, having a goal of building knowledge and skills to facilitate job performance. “Training strives to produce relevant and needed security skills and competencies.”

Here, the organization needs to produce a training needs analysis and build a training program that ranges from beginner to advanced level.

IT and Security Professionals

Any misstep by any IT professional could easily lead to a security breach. It does not matter whether they are System Developers, Network Engineers, or Operating Systems Administrators. They are all standing side by side with the information and cybersecurity professionals on the battlefield of cyberwarfare.

Education teaches people to make educated decisions. All IT professionals exposed to the information systems on a technical level should be well-educated to help them perform their jobs effectively and efficiently.

Therefore, a continued security education program that provides them with regular security training tailored to their job role should be available to them. A well-tailored information security education should be available at multiple levels: beginner, intermediate, and advanced. Organizations should strive to produce IT security specialists and professionals capable of vision and proactive response.

 

 
