登录查看更多内容

What are the most common mistakes companies make when training employees on ISMS for network security?

由人工智能和领英社区提供技术支持

Network security is a vital aspect of any organization's information security management system (ISMS). However, many companies fail to train their employees effectively on how to protect the network from cyber threats, resulting in costly breaches and damages. In this article, we will discuss some of the most common mistakes companies make when training employees on ISMS for network security, and how to avoid them.

此文章中的业界达人

由社区从 3 条内容中精选。了解更多

Bassem Beidas

Senior Technical Leader at Freddie Mac | Digital Transformation Leader | Top Cloud Computing & Cybersecurity Voice on…

1 Lack of clear objectives and metrics

One of the first mistakes companies make is not defining clear and measurable objectives and metrics for their ISMS training program. Without knowing what they want to achieve and how to measure it, they cannot design, deliver, or evaluate their training effectively. For example, some companies may focus on compliance or certification, rather than on improving the network security posture or culture. Others may use vague or generic indicators, such as completion rates or satisfaction scores, rather than specific and relevant ones, such as knowledge retention, behavior change, or incident reduction.

To avoid this mistake, companies should align their ISMS training objectives and metrics with their network security goals and strategies, and use SMART criteria (specific, measurable, achievable, relevant, and time-bound) to define them. They should also monitor and analyze their training data regularly, and adjust their program accordingly.

添加您的观点

Hattie Irving

Cyber security consultant at Cyberfort
举报内容
Businesses can often make mistakes in regards to security training their employees through a lack of clear direction, providing out-dated resources and materials which many simply do not pay attention to. Engaging staff in their network security training (all mandatory training) should be a key strategic goal if the organisation wants the information they are trying to covey to be truly heard. End users are being put through this training not just to maintain business compliance, but to work collectively in trying to prevent cyber-security threats. If this was conveyed more succinctly through well thought-out materials personally I believe more people would take in what they are being shown.

已翻译

赞

2 Insufficient or outdated content and methods

Another common mistake companies make is not providing sufficient or updated content and methods for their ISMS training program. Network security is a dynamic and complex field, and employees need to learn the latest trends, threats, and best practices to protect the network effectively. However, many companies rely on outdated or generic content and methods, such as slides, videos, or quizzes, that do not reflect the current network security landscape or engage the learners. For example, some companies may use content that is too technical or too basic, or that does not cover the specific network security risks or scenarios relevant to their industry or role. Others may use methods that are too passive or too formal, or that do not provide feedback or reinforcement.

To avoid this mistake, companies should update and customize their content and methods for their ISMS training program regularly, and use a variety of formats, media, and techniques to deliver them. For example, they can use interactive and immersive methods, such as simulations, games, or labs, to create realistic and challenging network security situations and test the learners' skills and knowledge. They can also use microlearning and gamification to provide bite-sized and engaging content and methods that can be accessed anytime and anywhere.

添加您的观点

3 Lack of management support and involvement

A third common mistake companies make is not having enough management support and involvement for their ISMS training program. Network security is not only a technical issue, but also a strategic and cultural one, and it requires the commitment and participation of all levels of the organization. However, many companies do not have a clear and visible leadership role or sponsorship for their ISMS training program, or they do not involve the managers or supervisors in the training process. For example, some companies may not communicate the importance or benefits of the ISMS training program to the employees or stakeholders, or they may not allocate enough resources or time for it. Others may not encourage or enable the managers or supervisors to support, coach, or mentor the employees before, during, or after the training.

To avoid this mistake, companies should have a strong and active management support and involvement for their ISMS training program, and use it to create a positive and supportive network security culture. For example, they can assign a senior executive or a cross-functional team to champion and oversee the ISMS training program, and communicate its vision, goals, and expectations to the employees and stakeholders. They can also involve the managers or supervisors in the design, delivery, and evaluation of the training, and empower them to provide feedback, recognition, or incentives to the employees.

添加您的观点

4 Lack of follow-up and reinforcement

A fourth common mistake companies make is not following up or reinforcing their ISMS training program. Network security is not a one-time event, but a continuous and evolving process, and employees need to refresh and apply their skills and knowledge regularly to protect the network effectively. However, many companies do not provide any follow-up or reinforcement activities or resources for their ISMS training program, or they do not track or measure their impact. For example, some companies may not offer any refresher courses, reminders, or updates to the employees, or they may not provide any tools, guides, or policies to help them implement the network security best practices. Others may not assess or monitor the employees' performance, behavior, or outcomes after the training, or they may not provide any feedback, support, or improvement opportunities.

To avoid this mistake, companies should provide consistent and comprehensive follow-up and reinforcement for their ISMS training program, and use it to sustain and enhance the network security skills and knowledge of the employees. For example, they can offer periodic refresher courses, reminders, or updates to the employees, and provide them with practical and accessible tools, guides, or policies to support them in their network security tasks. They can also assess and monitor the employees' performance, behavior, or outcomes after the training, and provide them with feedback, support, or improvement opportunities.

添加您的观点

Bassem Beidas

Senior Technical Leader at Freddie Mac | Digital Transformation Leader | Top Cloud Computing & Cybersecurity Voice on LinkedIn | CISSP | Strategist |Active Listener | Mentor
举报内容
Information Systems Management System (ISMS) for network security is a journey and not a destination. A common mistake companies make is their complacency with the achieved milestone of a network security training program. In fact, continual improvement is a key aspect in employee training. This is due to the fact that network security threat patterns evolve with vigor as well as the frequent introduction of new attack vectors. In summary, ISMS training program for network security is recommended to be assessed, audited and periodically enhanced.

已翻译

赞

5 Here’s what else to consider

This is a space to share examples, stories, or insights that don’t fit into any of the previous sections. What else would you like to add?

添加您的观点

Avradeep Bhattacharya

Security Engineer @ Meta | Reality Labs Trust
举报内容
Here is another thing that one can consider: 1. You don't need to train all your employees. This reduces your overhead. 2. Empower your network team and network security team to automate your detection and response. This reduces blocks for your engineering/dev teams. 3. Block non-standard deployment and this is where you can put most of your effort to figure out if it requires custom solution.

已翻译

赞

Network Security

+ 关注

给文章评分

我们借助人工智能创建了此文章。您认为这篇文章怎么样？

很棒不太好

举报此文章

查看全部

What are the most common mistakes companies make when training employees on ISMS for network security?

1

2

3

4

5

1 Lack of clear objectives and metrics

2 Insufficient or outdated content and methods

3 Lack of management support and involvement

4 Lack of follow-up and reinforcement

5 Here’s what else to consider

Network Security

给文章评分

感谢您的反馈

更多Network Security相关文章

更多相关阅读内容

What are the most common mistakes companies make when training employees on ISMS for network security?

1

2

3

4

5

1 Lack of clear objectives and metrics

2 Insufficient or outdated content and methods

3 Lack of management support and involvement

4 Lack of follow-up and reinforcement

5 Here’s what else to consider

Network Security

给文章评分

感谢您的反馈

查看其他技能