Security Departments Focus on Network Speed over Network Protection

Sue Marquette Poremba

This website caught my eye. It comes from Westfield Insurance and the first sentence ponders the question: Does the company really need information security training? The short answer is, of course, yes:

Setting aside the value-based approach of "doing the right thing" to keep information secure and private, most people are surprised to learn Information Security awareness and training is a compliance obligation often required by law, industry regulation, and/or business contract. Additionally, it is called out in numerous "best practice" frameworks.

That's the right attitude, but one that many companies, especially small and medium-sized businesses, don't put into practice. My colleague Paul Mah wrote about a study co-sponsored by the National Cyber Security Alliance and Symantec:

Perhaps what struck me most was the fact that only 35 percent of SMBs provide training to their employees on the areas of Internet safety and security. Even for SMBs who say they offer training, the majority -- 63 percent -- actually offer less than five hours a year. That's just half a typical work day for you, and we haven't even started nitpicking on the topics covered or the quality of the "security" training yet.

Add to that information posted at InformationWeek:

Firms with fewer than 1,000 employees typically don't have a dedicated security team, unless they're highly regulated. Security functions get delegated to a jack-of-all-trades who has to "deal with" security. Too often, it's ignored by executive managers, who don't expect any real pain from weak security. This leads to an overemphasis on check-box security, like making sure operating systems are patched, and not enough on assessing risks and training end users against them.

So what steps can SMBs take to make sure employees are trained to keep up with information security compliance? An article at Channel Insider suggested starting small, tailoring security training programs around customers who need to fall in line with regulatory mandates, and taking advantage of distance learning opportunities with trusted vendors.
