• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Protection of Information Assets

Temple University

Protection of Information Assets

MIS 5206.001 ■ Fall 2023 ■ David Lanter
  • HomePage
  • Instructor
  • Syllabus
  • Schedule
    • First Half of the Semester
      • Unit #1: Understanding an Organization’s Risk Environment
      • Unit #2: Case Study 1 – Snowfall and stolen laptop
      • Unit #2: Data Classification Process and Models
      • Unit #3: Risk Evaluation
      • Unit #4 Case #2: Autopsy of a Data Breach: The Target Case
      • Unit #5: Creating a Security Aware Organization
      • Unit #6: Physical and Environmental Security
    • Second Half of the Semester
      • Unit #8 Case Study 3 – A Hospital Catches the “Millennium Bug”
      • Unit #9: Business Continuity and Disaster Recovery Planning
      • Unit #10: Network Security
      • Unit #11: Cryptography, Public Key Encryption and Digital Signatures
      • Unit #12: Identity Management and Access Control
      • Unit #13: Computer Application Security
  • Deliverables
    • Weekly Deliverables
      • “In the News” Articles
      • Answers to Reading Discussion Questions
      • Comments on Reading Discussion Question and Other Students’ Answers
    • Case Studies
    • Team Project

Question 2

September 21, 2023 by David Lanter 24 Comments

Where would you recommend an organization find practical cost-effective training for its employees?

Filed Under: Unit 05: Creating a Security Aware Organization Tagged With:

Reader Interactions

Comments

  1. Hashem Alsharif says

    September 23, 2023 at 7:54 pm

    While many organizations may spend thousands if not millions on educational material for their staff, not all companies have that luxury. Some are small businesses, others are non profit. regardless of how much money an organization may have, everyone is entitled to cost effective training. some of these include ThreatSIM which is by Wombat Security, Phishme, or any other Learning Management System from other vendors. It is through these programs that viruses can be simulated and the students who use this software can learn from it, so that it won’t happen with their own personal information.

    Log in to Reply
    • Ooreofeoluwa Koyejo says

      September 24, 2023 at 6:11 pm

      I have heard of the Phishme platform for phishing training and another one I’m familiar with is the KnowBe4 platform.

      Log in to Reply
    • Bo Wang says

      September 26, 2023 at 9:07 pm

      I used to work as an intern in a construction company. Their training was to find free videos on the Internet for employees to learn, so as to save costs.

      Log in to Reply
  2. Bo Wang says

    September 24, 2023 at 12:21 pm

    I suggest that organizations look for relevant videos on the Internet, or buy some online courses for employees to learn on their own, or invite a professor from a university to give a lecture.

    Log in to Reply
    • Ooreofeoluwa Koyejo says

      September 24, 2023 at 6:12 pm

      These initiatives are good and can be explored by small businesses. While an academic professor can be a good fit for a lecture, small businesses might require a more practical approach where cybersecurity practitioners are more suited,

      Log in to Reply
  3. Nicholas Nirenberg says

    September 24, 2023 at 12:39 pm

    There are many ways for an organization to find practical cost-effective training for its employees. The cheapest but potentially limited option would be to have the in-house IT security team create a presentation or seminar of some kind to educate employees on an aspect of IT security. A more expensive but more versatile and long term solution would be to use a platform offered by a third party vendor. These include but aren’t limited to ThreatSIM, a tool that can be used to create and monitor mock phishing emails, and Phishme, which is similar.

    Log in to Reply
    • Ooreofeoluwa Koyejo says

      September 24, 2023 at 6:14 pm

      Leveraging in-house expertise definitely helps small businesses the cost of external employee security awareness education and training.

      Log in to Reply
    • Celinemary Turner says

      September 25, 2023 at 10:51 pm

      I entirely agree with the two approaches you mentioned in your post: In-house IT security Team and third-party vendor. However, the choice should based on an organization’s specific needs.

      Log in to Reply
  4. Edge Kroll says

    September 24, 2023 at 4:29 pm

    Organizations could consider online resources. Online training platforms like Coursera and LinkedIn Learning offer cybersecurity courses. These platforms often provide flexibility in terms of scheduling, allowing employees to learn at their own pace. Additionally, organizations can explore free resources from educational institutions and government agencies, such as NIST and CISA, which offer valuable training materials without any cost.
    Organizations could also explore in-house training possibilities, using the expertise of their own internal IT and security teams to develop training programs specific to organizational needs. By combining these online and local resources with in-house expertise, organizations can create a well-rounded and cost-effective cybersecurity training program for their employees.

    Log in to Reply
    • Ooreofeoluwa Koyejo says

      September 24, 2023 at 6:15 pm

      With the prevalence of cybersecurity threats, the government and other organisations develop content and materials for cybersecurity awareness and training as part of their CSR program.

      Log in to Reply
    • Celinemary Turner says

      September 25, 2023 at 11:01 pm

      That is very right. Leveraging the expertise of internal IT and security teams can provide employees with direct access to subject-matter experts.

      Log in to Reply
    • Nicholas Nirenberg says

      September 26, 2023 at 12:36 pm

      Using online platforms like Coursera and LinkedIn Learning, along with free resources from NIST and CISA can offer flexibility and cost-effective training options. But I agree and still think in-house expertise offers the most cost effective solution.

      Log in to Reply
  5. Ooreofeoluwa Koyejo says

    September 24, 2023 at 6:08 pm

    Some cost-effective training organizations can use for their employees include:
    – Vendor-provided training materials as a form of partnership either free or at a discounted cost.
    – Open-source resources on websites
    – Free and available content materials made available on platforms such as YouTube.
    – Programs that include training from government and non-profit organizations e.g., the U.S. Cybersecurity and Infrastructure Security Agency (CISA)
    – Online educational training platforms that organizations can subscribe to e.g., LinkedIn Learning, Coursera etc.
    – Internal expertise modified into training for other employees as mentorship or knowledge sharing.
    – Use of games and customized materials as content for the training which makes it relatable to the employees who might not be cybersecurity inclined.
    – Evaluate employee progress through regular assessments to gauge understanding of security concepts to identify areas where additional training may be necessary.
    – Improve the program by aligning the training content according to the organization’s needs and employee feedback.
    – Encourage a continuous learning culture, where employees are motivated to stay updated on the latest cybersecurity trends and threats.
    – Incentivize the process of feedback on the training and awareness program to improve engagement.

    Log in to Reply
    • Celinemary Turner says

      September 25, 2023 at 10:27 pm

      The approaches you’ve provided are quite comprehensive and aligns well with modern strategies for cybersecurity education and awareness.

      Log in to Reply
    • Edge Kroll says

      September 26, 2023 at 5:51 pm

      I believe the learning culture to be the most important part of the plan. As with this comes employees who are interested and engaged in the work they do. Staying up to date in the cybersecurity world is difficult as it is constantly evolving and changing, but it of utmost importance to be able to properly protect for these threats.

      Log in to Reply
  6. Jon Stillwagon says

    September 24, 2023 at 8:13 pm

    The best way I would think for a company to provide the best cost-effective training for the employees is to have the company do it themselves. This way the company could save money on outside sources to pay and it keeps the employees from spending their own money on courses. The IT security department could create such training because they know the vulnerabilities they have and where the company could use improvements. I suppose the company could decide that the employees to take online courses or use a platform such as threatSIM to monitor the company emails.

    Log in to Reply
    • Eyup Aslanbay says

      September 24, 2023 at 8:37 pm

      I agree with you, but sometimes companies are not equipped to provide this education. They can seek help from institutions to educate their employees.

      Log in to Reply
    • Nicholas Nirenberg says

      September 26, 2023 at 12:31 pm

      Your idea of having the company handle its own training makes a lot of sense and I think it’s also the best for many companies. It saves money by avoiding external costs, and the IT security people can design training that tackles the company’s specific weak spots. Plus, it’s way more convenient for employees, and online options like threatSIM can add some flexibility to the mix. The only weakness I can think of is that for some companies they just might not have the people to create a comprehensive program.

      Log in to Reply
    • Hashem Alsharif says

      September 26, 2023 at 10:32 pm

      I never thought of it that way. A common issue with many small businesses is the fact that they are lacking with money and yes while there may be some cost effective options through other organizations, ultimately, by them doing it themselves, they don’t have to worry about making sure it’s right for them, or coming up with the money to fund it. Maybe there should be organizations that teach other companies how to train their employees in cybersecurity? for example have a basic template with major points that need to be covered and the company would just go over the list? that way it lessens the likelihood of them messing up constructing the lessons and it still saves them money in the process.

      Log in to Reply
  7. Eyup Aslanbay says

    September 24, 2023 at 8:33 pm

    Finding practical, cost-effective training for employees can be crucial for organizations looking to upskill their workforce, maintain a competitive edge, and improve job satisfaction.
    There are my recommendations:
    -Industry Associations and Forums: SANS Institute, ISACA
    -Certification Organizations; ISC, CompTIA
    -Free Online Resources; CISA, OWASP (Open Web Application Security Project)
    -Security Awareness Platforms; KnoeBe4, Proofpoint
    -Books; Like Network Security Essentials or ISACA resources
    -Online Learning Platforms; LinkedIn, Coursera, Udemy, Cybrary, Pluralsight

    Log in to Reply
    • Jon Stillwagon says

      September 26, 2023 at 3:10 pm

      Eyup, those are some good recommendations for training and helpful to most organizations. A training that the company develops and delivers could also be cost-effective and it might get the company to be more involved with their fellow employees. It might make it a memorable experience for the company and the employees.

      Log in to Reply
    • Yannick Rugamba says

      September 26, 2023 at 11:57 pm

      Hi Eyub, Great suggestions! Here’s a little tip; make sure to check for any discounts or group offers on platforms like Udemy . As students we often get some perks. Additionally consider joining cybersecurity meetups or clubs for experiences and workshops. It’s similar, to how we find the helpful study materials when we collaborate and share with others don’t you think?

      Log in to Reply
  8. Celinemary Turner says

    September 24, 2023 at 9:48 pm

    I will recommend an organization find cost-effective employee training through various sources and approaches. Here are some recommendations.
     Classroom training: This allows participants to ask questions in real-time, enhancing their understanding of the material.
     Visual aids, such as breakroom posters, can serve as helpful reminders for security awareness training. While they should not be the sole source of training, when done effectively, they can reinforce important concepts.
     Online training: Many online training platforms offer cost – effective cybersecurity and security awareness courses. Such as Coursera, LinkedIn Leaning. Many online resources, such as YouTube tutorials, blogs, and forums, offer free training materials that can still provide valuable information.
     Webinar and conferences: Employees can participate in webinars and discussions related to cybersecurity. Many webinars are free, and conferences may offer discount rates.
     In-House Training: The Organization’s internal experts can conduct training sessions for the employee. This can be a cost-effective way to share knowledge and skills among employees.
     Community Resources: The organization should ensure employees participate in local or online security communities and forums. These forums can often share practical tips and real-world experiences related to security. Security tips can appear on the flyer distributed across the community.

    A combination of these resources and commitment to a strong security culture can help the organization provide practical and cost-effective training to employees.

    Log in to Reply
  9. Yannick Rugamba says

    September 26, 2023 at 10:47 pm

    There are educational platforms that offer a wide range of courses often at affordable prices example UDEMY. Moreover, tech companies often provide their training resources especially when it comes to their products. Surprisingly platforms, like YouTube also have a wealth of content that offers insights into aspects of cybersecurity. Even formal institutions such as government agencies offer structured resources. The professional community is filled with experts whose knowledges like a treasure trove and workshops and mentorship sessions are opportunities for exchanging knowledge. Engaging tools, like cybersecurity simulations can further enhance our understanding. Considering the changing nature of cybersecurity, it is crucial to stay updated by exploring resources in order to gain a comprehensive understanding.

    Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Unit 01: Understanding an Organization's Risk Environment (5)
  • Unit 02: Case Study 1 – Snowfall and a stolen laptop (2)
  • Unit 02: Data Classification Process and Models (6)
  • Unit 03: Risk Evaluation (6)
  • Unit 04: Case Study 2 – Autopsy of a Data Breach – The Target Case (4)
  • Unit 05: Creating a Security Aware Organization (6)
  • Unit 06: Physical and Environmental Security (6)
  • Unit 08: Case Study 3 – A Hospital Catches the "Millennium Bug" (3)
  • Unit 09: Business Continuity and Disaster Recovery (6)
  • Unit 10: Network Security (6)
  • Unit 11: Cryptography, Public Key Encryption and Digital Signature (6)
  • Unit 12: Identity Management and Access Control (6)
  • Unit 13: Computer Application Security (6)
  • Welcome (1)

Copyright © 2025 · Course News Pro on Genesis Framework · WordPress · Log in