E-SPIN
Thursday, 08 October 2015 / Published in Security Innovation, Solution

The Importance of Security Awareness and Training


Security Awareness and Training are Important

Information security, like everything else, is a human enterprise and is influenced by factors that impact the individual. It is well recognized that the greatest information security danger to any organization is not a particular process, technology, or equipment; rather, it is the people who work within the “system” who harbor the inherent danger. Therefore, IT security is a “people issue” and awareness programs address common “people” problems.

We know that solutions for yesterday’s security issues are obsolete today, and the security solutions we have today may be obsolete tomorrow. The security environment is constantly changing and the variety of solutions is growing at a phenomenal rate. Awareness is a crucial element in addressing these issues.

Company-wide security awareness training and education initiatives, including but not limited to classroom-style training sessions, security awareness websites, helpful hints via e-mail, and even poster campaigns, are methods that can help ensure employees have a solid understanding of company security policy, procedure and best practices.

A well-designed, effective awareness program reminds everyone — IT staff, management, and end users — of the dangers that are out there and things that can be done to defend the organization against them. Providing your personnel with the security and privacy information they need, and ensuring they understand and follow the requirements, is an important component of your organization’s business success.

If your personnel do not know or understand how to maintain confidentiality of information, or how to secure it appropriately, you not only risk having one of your most valuable business assets (information) mishandled, inappropriately used, or obtained by unauthorized persons, but also risk noncompliance with a growing number of laws and regulations that require certain types of information security and privacy awareness and training activities. You also risk damaging another valuable asset, corporate reputation.

Information security awareness, training and education are important for many reasons, including the following.

1. Regulatory Requirements Compliance

An increasing number of laws and regulations require some form of training and awareness activity within the organizations over which they have jurisdiction. Failure to train employees on product, process, policy and practice could violate compliance requirements and expose enterprises to legal liability. Laws requiring security and privacy awareness or training programs apply to:

  • The Federal Government (Federal Information System Security Managers’ Act)
  • The Health Care Industry (Health Insurance Portability and Accountability Act)
  • Financial Institutions (Gramm-Leach-Bliley Act and Sarbanes-Oxley Act)
  • Publicly-traded Companies (Sarbanes-Oxley Act)

The Federal Information System Security Managers’ Act (FISMA) requires government agencies to report on their security awareness and training efforts annually.

National Institute of Standards and Technology (NIST) has developed Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, which addresses controls that Federal organizations are required to implement for unclassified information systems. One of those controls is “security awareness training”. Successful integration of security and privacy controls into ongoing organizational processes will demonstrate a greater maturity of security and privacy programs and provide a tighter coupling of security and privacy investments to core organizational missions and business functions.

NIST also acknowledges that the awareness program must comply with the 5 Code of Federal Regulations (C.F.R.) Part 930.301, whereby everyone must receive initial awareness training before accessing systems and refresher training at least annually. It defines 5 specific roles that must receive awareness training:

  1. All users
  2. Executives
  3. Program and functional managers
  4. Chief Information Officers (CIOs), IT security program managers, auditors, and other security-oriented personnel (e.g., system and network administrators, and system/application security officers)
  5. IT function management and operations personnel

NIST SP 800-50, Building An Information Technology Security Awareness and Training Program, provides guidance for building an effective information technology (IT) security program and supports requirements specified in the FISMA. The NIST Computer Security Handbook cites the importance of managers understanding security consequences and costs, so that they treat security as an important factor when making decisions.

OMB Circular A-130 requires that system users receive security awareness instruction prior to being granted access to the system, and it requires periodic refresher training for continued access.

2. Customer Trust and Satisfaction

Respect for customer security and privacy is one of the most important issues facing your company today. The public is getting sick and tired of reading about privacy breaches every day in the headlines, and they want to know that your company is doing everything reasonable and responsible to safeguard their personally identifiable information (PII).

To gain and keep customer trust, your company must exercise good judgment in the collection, use, and protection of PII. You need to provide training and awareness of this to your personnel. You also need to use various awareness messages to keep your customers, with whom you already have a business relationship, and consumers, with whom you would like to have one and who may have provided some information to you, informed about what you are doing to protect their privacy and ensure the security of their information.

All employees or companies directly handling or influencing the handling of your company’s customer PII should receive targeted security and privacy training before handling customer information. They should also receive ongoing awareness communications to reinforce security and privacy issues and requirements and help to embed such practices within their daily work activities.

3. Corporate Reputation

Reputation is another critical organizational business success asset. Without a good reputation, customers leave, sales drop, and revenue shrinks.

A component of managing a good reputation is ensuring that personnel and business partners follow the right information security and privacy precautions to lessen the risk of compromising private information; such incidents will likely lead to some very unfavorable news reports and media attention.

In conclusion, government and industry organizations must protect the confidentiality, integrity, and availability of information in today’s highly networked systems environment. The best way to achieve a significant and lasting improvement in information security is not by throwing more technical solutions at the problem, but by raising awareness and by training and educating everyone who interacts with computer networks, systems, and information in the basics of data, information, network and cyber security. Information security awareness programs serve a critical role in keeping an organization safe by keeping the user community vigilant against the dangers of intruders.

E-SPIN, as an end-to-end security solution services provider, supplies consultancy, technology and services to help clients achieve a holistic return on their security program and investment. Please feel free to contact E-SPIN for a package solution that goes beyond product technology and comes with consultancy, training and maintenance support for effective enterprise IT risk management best practice.

Tagged under: E-SPIN, Information Security, Risk Management, Security Awareness, Security Innovation, Security Issue, Security Program, Security Solution, Security Training
