One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 1495745 |
| Date de publication | 2019-11-26 17:57:12 (vue: 2020-01-03 15:00:04) |
| Titre | NBlog Nov 26 - 7 ways to improve security awareness & training |
| Texte |  Although 7 Ways to Improve Employee Development Programs by Keith Ferrazzi in the Harvard Business Review is not specifically about information security awareness and training, it's straightforward to apply it in that context. The 7 ways in bold below are quoted from Keith's paper, followed by my take.1. Ignite managers' passion to coach their employees. I quite like this one: the idea is to incentivize managers to coach the workforce. As far as I'm concerned, this is an inherent part of management and leadership, something that can be enabled and encouraged in a general manner not just through explicit (e.g. financial) incentives. For me, this starts right at the very top: a proactive CEO, MD and executive/leadership team is in an ideal position to set this ball rolling on down the cascade - or not. If the top table is ambiguous or even negative about this, guess what happens! So, right there is an obvious strategy worth pursuing: start at, or at the very least, include those at the very top of the organization ... which means taking their perspectives and addressing their current information needs, preferred learning styles and so forth (more below: directors and execs are - allegedly - as human as the rest of us!).2. Deal with the short-shelf life of learning and development needs. 'Short shelf-life' is a nice way to put it. In the field of information risk and security, the emergence of novel threats that exploit previously unrecognized vulnerabilities causing substantial business impacts, is a key and recurrent challenge. I totally agree with the need to make security awareness an ongoing, ideally continuous activity, drip-feeding workers with current, pertinent information and guidance all year long rather than attempting to dump everything on them in a once-in-a-blue-moon event, session or course. Apart from anything else, keeping the awareness materials and activities topical makes them more interesting than stale old irrelevant and distracting junk that is 'so last year' (at best!).3. Teach employees to own their career development. An interesting suggestion, this, especially for the more involved infosec topics normally taught through intensive training courses rather than general spare-time awareness activities. I'm not sure off-hand how this suggestion would work in practice, but it occurs to me that periodic employee appraisals and team meetings provide ample opportunities to offer training and encourage workers to take up whatever suits their career and personal development aspirations. |
| Envoyé | Oui |
| Condensat | 7 for keith about absent accept accepting accessible activities activity adapting addressing advice again agree all allegedly although ambiguous ample another any anything apart appealing apply appraisals appreciation approach are article aspects aspirations asserts attempt attempting audiences awareness ball before being believe below below: best beyond blog blue bold both broader build business but can career cascade causing cell ceo challenge challenges coach comply comprised computers concerned concerns consider consoles conspicuously content context continue continuous corporations coupled course courses crave creative curiously current day days deal deep demand developed development diagram differ different directors discover/learn dispersed distracting does doing don doomed down drip dump either else emergence employee employees enabled encourage encouraged enforcement engage engaging entice especially even event everything example example” execs executive/leadership experience explicit exploit explore extends extent face fact failure far feeding ferrazzi fewer field filling financial fits flexible followed forth framework free from fundamental games general geographically goes good groups guess guidance hammer hand happens hard hardly harvard have hbr hence hmmmm honesty how human idea ideal ideally ignite impacts improve incentives incentivize include incorporating individuals information infosec inherent instance instructions intensive interesting interests internalizing interpret involved irrelevant issue issues items junk just keeping keith key known last leaders leadership learning least leisure life like lists long love make makes making management managers manner match materials may maybe means meetings millennials moments moon more most motivating motivation much naturally nblog necessary need needs negative news nice non normally not nov novel obvious occurs odd off offer old once one one: ongoing only openly openness opportunities options organization organizational other others otherwise own paper part participate passion people periodic personal perspectives persuaded pertinent phones piece plus position potentially practice prefer preferred present previously proactive professionals programs provide provocatively pursuing: put quite quoted rather read reading rebel recurrent refers regardless reinforcement rejecting resent rest review rewards right risk rocket rolling saying security serious serve session set seven shelf short should simple simply size social some something sorts sound spare specifically stale start starts statement straightforward straightforwardly strategy stuff styles substantial suggest suggestion suggestions suits sure surgery table take taking taught teach team teams than that them there these things those though threaten threats through time told top top: topic topical topics totally tough training transparency true trust turn unconcerns undermines unfortunately unless unrecognized usefully using vary very video view virtual vulnerabilities waste way ways what whatever which will word words work workers workforce working worth worthwhile would wrong year “lead |
| Tags | Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.