HackDig : Dig high-quality web security articles for hacker

Why It's Important to Keep Security Training Curriculums Up-To-Date

2015-08-10 20:55

Why_Its_Important_to_Keep_Security_Training_Curriculums_Up-To-DateSecurity is one of the most fluid challenges faced by organisations.

The computing field is in a constant state of flux, with new technologies and applications appearing on an almost daily basis. This constant process of change and development means that the security threats faced by your organisation change just as regularly.

There’s no guarantee that the secure systems of today will be the same as the secure systems of tomorrow. Without constant vigilance, and a pro-active attitude to security, the best-practices your organisation currently follows will become obsolete in a matter of months, weeks, or even days.

The Set It and Forget It Mentality

Whilst increasing numbers of organisations are coming to understand the impact and importance of digital security, few approach it with the right mindset. Security training is typically viewed as a ‘set-it-and-forget-it’ solution to the problems posed by software vulnerabilities, malicious attackers and other threats. Organisations invest into a single security training course, and expect it to ensure the security of their developers, employees and network for months and years to come.

This problem is worsened by the poor reputation of security. An organisation’s employees often have to take time away from their current responsibilities to complete security training courses. Two or three day long classroom courses force employees away from the responsibilities their performance is assed upon, and engagement with the syllabus is reduced as a result. With so much information packed into these courses, it’s often extremely hard to retain and act upon the insights provided.  

Crucially, this approach to training does nothing to address future concerns. One-off training courses can only ever address current security threats, doing little to prepare developers and employees for the security problems of tomorrow. Instead of encouraging this mentality, it’s essential to view security as a constant, iterative process.

How to Keep Your Security Training Curriculum Up-to-Date

1) Make Security an Organisation-Wide Priority

Keeping up-to-date with changing security practices requires a pro-active attitude to training and research. With dozens of competing responsibilities, this can only happen with an executive mandate, demonstrating the value of security from the top of the organisation down. To learn more about prioritising security and enforcing training, you can read How to Enforce Developer Security Training.

2) Offer Role-Specific Training

The technologies and tools that developers use are updated on an incredibly frequent basis, and more than ever, developers are choosing to specialise in particular languages, platforms and technologies. In order to stay ahead of developments across hundreds of diverse fields, it’s essential to use role-specific developer training.

Instead of forcing developers to stay abreast of security changes in each-and-every topic, it’s better to adapt training to the individual needs of developers. Specialised training allows your development team to build cutting-edge security knowledge in their respective fields, and stay up-to-date with security in their area of expertise. Developers play a crucial role in security, capable of reducing threats and vulnerabilities at their source, so enrolling developers in role-specific training modules can have a huge impact on the security of your organisation.

3) Offer Regular Refresher Courses

Computer-based eLearning courses make it easy and cost-effective for employees to repeatedly engage with security training.

Instead of taking employees away from work once every few months, you can use short 2-3 hour computer-based sessions to encourage developers to continually engage with security training alongside their existing workload. Disruption can be minimised, and developers can access regularly updated security training modules in an engaging and effective way.

4) Make Training Easy to Access

An up-to-date, regularly revised curriculum will have no impact on security if your employees can’t access it.  Ease of dissemination is a critical factor, and employees need to be able to engage with new security information quickly and efficiently.

One of the best ways to enable this is to create a centralised repository of security information, allowing employees to quickly check-up on the best practices of security whenever they encounter a potential problem.

To learn more about rolling out an effective security training curriculum in your organisation, you can download our free whitepaper below.

how to roll out and effective application security training program


Source: smulucirruc-gniniart-ytiruces-peek-ot-tnatropmi-sti-yhw/golb/moc.eporuenoitavonniytiruces.www

Read:3088 | Comments:0 | Tags:No Tag

“Why It's Important to Keep Security Training Curriculums Up-To-Date”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud