This morning I was listening to my usual favorite radio station and was somewhat surprised to hear a guest talk about how he was going to be at a local grocery store parking lot tomorrow to offer free shredding services to help raise awareness of identity theft and in observation of “Secure Your ID” Day…
Archive for the ‘Training & awareness’ Category
Tomorrow is “Secure Your ID” Day
Friday, September 19th, 2008Obtaining Support and Funding from Senior Management
Thursday, September 18th, 2008Throughout the late spring and summer months I had the great opportunity to participate in an talented workgroup sponsored and led by the European Network and Information Security Agency (ENISA) to create a new, and quite valuable, resource for information security practitioners to help them obtain funding and sponsorship for the training and awareness programs.
Not Enough Police To Deal With Cybercrime
Monday, September 8th, 2008Here’s an interesting article about cybercrime to kick off Day 1 of Global Security Week…
5 Easy Things To Do for Global Security Week, September 8 – 12
Tuesday, September 2nd, 2008Next week is Global Security Week!
Do you have anything planned for your organization to help raise the awareness of all types of security issues?
Here are a few ideas I wanted to pass along to you…
Free Info Sec & Privacy Training Hosted By The FTC and COPP
Thursday, July 31st, 2008If you’re in the Los Angeles area on August 13, here’s what looks to be a good, FREE, day of getting information security and privacy training hosted by the U.S. Federal Trade Commission (FTC) and the California Office of Privacy Protection (COPP).
If you are a company with no dedicated information security or privacy position, like most small and medium sized businesses (SMBs), then go to this event to hear WHY you need to make efforts to safeguard your customers’ and employees’ personally identifiable information (PII). Hey, if you’re in the area, it’ll only cost your time!
Here’s the full announcement…
17 Info Security & Privacy Topics Call Center Staff Must Understand
Tuesday, July 29th, 2008Okay…back to my continuing lecture on the need to provide targeted training on specific information security and privacy topics to the various responsibility groups throughout your enterprise.
Consider this; what if you took a driver’s education class and all they told you to do, by showing you on a PowerPoint slide, is how to put the key in the ignition, turn the engine over, how to press the accelerator to move forward, and how to press the brakes to stop. Then they told you to go out there and drive…have it it! Would you be well prepared to get onto the road and deal with all the other things you need to know about driving? Most likely not. If you feel you would be well prepared, please tell me you will not be driving on the central Iowa roads… 🙂
People Need Periodic, Effective, Training And Ongoing Awareness To Truly Safeguard Information
Friday, July 25th, 2008Imagine this; what if you were given training just one time, in a 1-hour session with no hands-on practice, for how to do first aid and give CPR and then were never given more training or reminders about how to do first aid and CPR…two years later would you be able to competently perform first aid when someone needed it? Probably not. Probably not even 1 year later, or even 6 months later.
People need to have regularly scheduled training and ongoing awareness in how to do activities competently. You cannot expect to give a 1-hour, often poorly-constructed, training course about information security or privacy and the have the people taking the training know what to do weeks or months or even yeas later. However, this is the situation that occurs in a very large portion of organizations.
It is no wonder that the majority of security incidents and privacy breaches occur as a result of lack of knowledge and mistakes.
Here is the third part of the third article, “Providing Call Centers with Information Security and Privacy Education,” in my July issue of IT Compliance in Realtime, that speaks to this issue…
Call Center Folks Have Huge Amounts Of Access TO PII
Thursday, July 24th, 2008Need more reasons from my post from yesterday about why call centers need targeted training and ongoing awareness?
If so, then here is the second part of the third article, “Providing Call Centers with Information Security and Privacy Education,” in my July issue of IT Compliance in Realtime…
The Area With The Most Customer Contact Usually Has The Least Information Security and Privacy Training
Wednesday, July 23rd, 2008Think for a few moments about the area in your company that has the most, or close to the most, direct contact with your customers and consumers…
