Security Insights: Critical Control 20: Security Skills Assessment and Training to Fill Gaps
Feb 20, 2010 – By Eric Cole
Technology moves and evolves at such a fast pace that without a good training
plan and motivated self-learners, most IT professionals get left behind after
only a short amount of time. For an organization to maintain security, it must
afford its personnel the opportunity to enhance their skill set through
various training efforts.
Any organization that hopes to be ready to find and respond to attacks
effectively owes it to its employees and contractors to find the gaps in
their knowledge and to provide exercises and training to fill those gaps. A
solid security skills assessment program can provide actionable information
to decision makers about where security awareness needs to be improved, and
can also help determine proper allocation of limited resources to improve
security practices.
Training is the most effective way to increase workforce proficiency but
is generally the first thing cut during economic challenges. The value added to
an organization's security posture is directly proportionate to its
willingness to allow its trained personnel to increase their skill set, which
in turn increases the ability to identify security risks. Additional benefits
include the ability to:
Identify and report malicious activity
Respond to an incident in accordance with set policies
Minimize the impact of an incident
Return to normal operation in a more efficient manner
There are a number of training opportunities available to organizations.
These range from online webinars to locally hosted classrooms. Most training
sessions can be tailored to meet the needs of an organization and the budget
available.
Training comes in a variety of packages. Some are relatively inexpensive,
while others are very costly for an organization. The organization must
identify its critical needs to increase or maintain an excellent security
posture and focus on training that meets the task at hand. Primary types of
training that have the greatest impact:
Specific, incident-based scenarios
Lessons learned
Trends and methods
Specialized, pointed training gives added benefit to the organization and
allows for an increase in workforce talent.
McAfee FoundStone Consulting offers Social Engineering security
assessments that can be used to test human security factors.
Portions of the above are taken from version 2.3 of The Twenty Critical
Controls. You can also follow Dr. Eric Cole on Twitter at drericcole or email eric_cole@mcafee.com.
Courtesy McAfee.