Joe Ferrara | December 07, 2011

Guest Opinion: Security Training's Ten Commandments

A year of historic breaches at RSA, Epsilon, Lockheed Martin and even the Sony PlayStation Network demonstrates how ineffective the best security technologies can be when people are involved.

Many attackers today leverage the human factor, bypassing most security controls and using techniques such as social engineering to get the information they want by simply luring users to open an email, click on a link or download an attachment.

Information security people think that simply making users aware of security issues will make them want to change their behavior. However, a fundamental problem is that most awareness programs are created and run by security professionals – people who were not hired or trained to be educators.

These training sessions have traditionally consisted of long, monolithic lectures and boring slideware with no thought or research into what and how material should be taught. As a result, organizations are not getting the desired results and no overall progress can be tracked.

Obviously, a holistic approach that embraces technology and training is required to effectively counter the escalating number of cyber attacks credit unions are facing today. However, training for the sake of training won’t necessarily yield the results your institution is looking to achieve.

By applying proven learning science principles and techniques, credit unions can yield superior results in training efforts and help fortify their organization against its potentially weakest link.

Read the rest of the article at Credit Union Times