Protection of Information Assets

Temple University

MIS 5206.701 ■ Fall 2021 ■ David Lanter

Question 2

September 23, 2021 by David Lanter 55 Comments

Where would you recommend an organization find practical cost-effective training for its employees?

Filed Under: Unit 05: Creating a Security Aware Organization Tagged With:

Comments

  1. Andrew Nguyen says

    September 24, 2021 at 11:14 pm

    Each organization may have a different definition for ‘practical cost-effective training’ for its employees; however, I would recommend either SANS.org or ISC2 if the organization can afford it.
    If the organization has knowledgeable information security employees, it would be a good idea to have these individuals prepare classes / information sessions for others in the company, so that they can see directly how information security impacts the company.
    Alternatively, there are free resources online that an organization can leverage to develop their own SETA program, tailored specifically to their own employees.

    • Michael Galdo says

      September 28, 2021 at 7:53 pm

      Hello Andrew,

      SANS.org and ISC2 are both well-renowned organizations for cybersecurity training. A couple of programs that I found to be affordable and reputable are Pluralsight and Cybrary. The online courses and video workshops provided within these programs make the cost worthwhile, and they give the best breakdowns of cybersecurity concepts to make it understandable for all employees.

    • Victoria Zak says

      September 28, 2021 at 10:23 pm

      Andrew,
      I agree with you; practical cost-effective training is different for a company like Walmart compared to a Mom and Pop shop. PluralSight and Cybrary also have great training that is low cost.

    • Dan Xu says

      September 29, 2021 at 11:14 am

      Hi Andrew,
      I agree with you about companies creating their own courses for their employees to take. Because unqualified employees tend to reduce productivity, companies need to pay attention to employee training. By developing SETA programs that are part of an organization using free online resources so that employees can learn in a way that is most relevant to their job, current skill level, and development needs, you are not only improving employee skills, but also controlling training costs. Being overly critical of cost cutting cannot ignore the quality of learning and results.

  2. Kelly Sharadin says

    September 25, 2021 at 10:07 am

    The most cost-effective training for information security an organization can acquire would be to inventory potential employees interested in developing these skill sets, thereby investing resources internally and educating users at the same time. There is plenty of subscription-based, exceptionally affordable training such as Cybrary or PluralSight, which often offer enterprise packages. Another option would be to request as part of contractual agreements with outside security vendors that they provide training to internal employees. Continuous training is a reality for any security professional. It would be wise for any organization seeking to retain talent to utilize methods that grow its employees’ skillsets to bolster the business’s security posture with cutting-edge best practices.

    • Michael Duffy says

      September 26, 2021 at 9:54 pm

      Hey Kelly,

      I had to comment on your post! When I first arrived at my organization I sought out a mentor because I was being introduced to Risk Management Framework, but only had the general idea of Cybersecurity in mind. My mentor actually referred me to Cybrary as an easy resource to use to help study for Security + at the time and introduced me to other topics within Cybersecurity. Personally, I now prefer to read or listen to Audible because it’s much more convenient, but I thought it was a good resource to use at the time!

  3. Wilmer Monsalve says

    September 25, 2021 at 4:56 pm

    Cost-effective training modules would be Pluralsight or Coursera, as they offer enterprise packages at a fair price. To supplement the training modules, a good class training course for a week or two can help complement the training modules. The class training can be designed by the organization’s security professionals and taught by someone with relative experience in the industry or by another outside party, but it would be more costly.

    • Vraj Patel says

      September 28, 2021 at 8:04 pm

      Hello Wilmer,
      Those are good platforms for the training. Also, another thing to consider would be if those platforms can customize the training based on the industry (for example, Healthcare or Financial), as there would be different requirements for different industries and different positions within the organization.

    • Victoria Zak says

      September 28, 2021 at 10:18 pm

      Wilmer,
      A class training is a great idea for a low cost but still an efficient way. Employees within the firm can pass out surveys or/and quizzes to see how the employees did after the training. Another way is to assign employees readings and videos on YouTube.

  4. Ornella Rhyne says

    September 26, 2021 at 1:59 pm

    An organization can find practical cost-effective training on some platforms like Skillsoft and Pluralsight. Some organizations may assign an internal HR or IT team to come up with designs and knowledge to list out all skills their employees must know to be productive and to follow company policy effectively. Those platforms allow the top management to monitor who completed the courses successfully in order to comply with company policy.

  5. Matthew Bryan says

    September 26, 2021 at 2:26 pm

    NIST.gov offers a number of resources for use by small and medium sized businesses. I would recommend that they review https://www.nist.gov/itl/smallbusinesscyber for a general overview of available content. From there, they can visit https://gcatoolkit.org/cyber-basics-for-small-businesses-training/ for additional training materials. While these pages are geared towards small and mid-sized businesses, the concepts can be applied to any organization.

    Overall I think the most important part of this recommendation is to educate the business on cybersecurity standards and equip them to search for content on their own. Once conveyed, they can search and evaluate content, repackaging it into email newsletters, posters, and other low cost communications.

    • Ryan Trapp says

      September 28, 2021 at 3:08 pm

      Hi Matt,

      I think the NIST website would be a great cost-effective resource for companies to turn to. We’ve learned so much already how NIST plays a huge role in creating the standards that companies follow to secure their organizations. It makes total sense to go to them for additional resources when it comes to the topic of security training.

  6. Corey Arana says

    September 26, 2021 at 4:56 pm

    A cost-effective training and awareness program would be eset.com. Eset offers training programs ranging from 10 employees for $250 to 100 employees for $1,650. The program offers 60 and 90 minute online training courses with cybersecurity awareness training, phishing simulation, interactive sessions, role playing, quizzes and certification, plus more. They also offer a free trial for businesses.

  7. Michael Galdo says

    September 26, 2021 at 6:07 pm

    After doing my research, some of the best cost-effective cybersecurity training programs seem to be Cybrary and Pluralsight. Cybrary is one of the top IT development platforms that consists of online tools and courses that help with teaching employees cybersecurity concepts. Pluralsight is also an online learning platform that provides a variety of courses for all different types of IT professionals as well as basic training for all employees. It seems that Cybrary is the cheaper, more cost-effective option of the two; however, both are highly reviewed as the top program for employee training.

    • Antonio Cozza says

      September 26, 2021 at 10:25 pm

      Hi Michael, I actually used Cybrary previously to learn some security material in the past and it was decent – for free content it is quite extensive and hard to complain about. It has many different trainings and the instructors are industry-leading professionals. There is better content out there if one wishes to pay for it, but this was great for free as an individual. The corporate packages seem to be fairly priced as well based on reading others’ reviews.

  8. Christopher Clayton says

    September 26, 2021 at 7:41 pm

    For cost-effective training, I would recommend online courses from Udemy and ITProTV. Udemy has a plethora of free and affordable courses in security for professional adults and students. ITProTV is an excellent entertaining website with a course library filled with virtual labs for audit, cyber, and other IT learning solutions for business and personal use.

  9. Ryan Trapp says

    September 26, 2021 at 7:53 pm

    For cost-effective security training, employers can utilize a resource like LinkedIn Learning. LinkedIn Learning has over 16,000 courses that cover various topics, including but not limited to IT security. Their courses are very informative and some offer certifications upon completion. However, something like this would most likely need to be supplemented with other methods, due to most of the training being short-medium length videos.

    Ultimately it is up to the company to decide what is considered cost effective for them. There are numerous resources online that offer IT training in some form or another. It is the responsibility of the company to decide what ones will be best suited for them and the most cost effective. It would be best for each company to do their own research online and find the best one for them.

  10. Mohammed Syed says

    September 26, 2021 at 8:53 pm

    Most of the cyber security attacks are successful due to human error. Human behavior is one of the most vulnerable factors in most of the attacks. If the attacker fails to breach network security, then they go for an insider attack, and the success rate of such an attack is very high. It is extremely crucial and important to monitor and detect and to protect an organization from an insider attack. Keeping track of behavioral change in employees, and monitoring social networking sites for disgruntled employees can be helpful in preventing insider attacks.

    Scheduling fake phishing and creating social engineering attack scenarios can be helpful in monitoring employee behavior and checking the response rate of how an employee behaves before, during and after an attack. This gives employers an exact idea about how the organization’s employees would behave in a real situation. This type of scenario testing can help in enhancing or redesigning security education training.

    It is important to give priority to security training regularly; this not only helps improve the importance of security training education for each and every employee, but also can help employees recognize how human error can be detrimental to the organization.

    • Madalyn Stiverson says

      September 27, 2021 at 11:28 am

      Hi Mohammed,

      I appreciate your point on phishing simulation testing. One of the most common ways hackers gain access to the network is via phishing, so it is vital employees know how to respond. Having policies in place is useless if your employees aren’t aware of the policy or how to act when they receive a phishing attack. Launching phishing simulation tests and making sure employees know where that “report phish” button is or how to inform the infosec team is key.

    • Olayinka Lucas says

      September 28, 2021 at 5:43 pm

      Hello Mohammed, while I agree with your point that it is essential to prioritize security training regularly, I beg to disagree that most cybersecurity attacks are successful because of human error. First, most of the attacks we see today are adversarial and not human error, i.e., ransomware and phishing attacks. It is, however, right to state that they are all human enabled in one way or the other. Secondly, phishing simulations, as mentioned above, are costly because the organization must pay millions to implement and subscribe for the service from the Vendor, unlike other available online open-source training.

  11. Michael Duffy says

    September 26, 2021 at 9:49 pm

    Depends on the size of the organization and its goals. The general mom & pop shop could probably utilize places such as LinkedIn Learning that provide easy access to basics and fundamentals for cybersecurity. For larger organizations, or organizations pertaining to the Department of Defense, I would suggest using NIST as a resource and begin reading into the special publications and material that they provide. NIST also provides several resources for small businesses as well. For individuals within organizations there are free sites such as Cybrary that offer easy to follow courses for someone trying to get their entry Security + Certification.

    • Lauren Deinhardt says

      September 27, 2021 at 9:53 pm

      Hi Michael, I agree with you on this. LinkedIn Learning is an excellent resource! Government cybersecurity entities also have a lot of information/training at their disposal; sometimes state agencies too. Great assessment!

    • Dhaval Patel says

      September 28, 2021 at 8:53 am

      Hi Michael,

      I agree with your statement; the type of training and the cost associated with it will depend on the organization’s size and goals. Larger e-learning sites like LinkedIn Learning or Udemy are great resources, as you said, to gain the fundamentals of cybersecurity, and then using publicly available resources like NIST and self-learning is a great cost-cutting measure.

  12. Olayinka Lucas says

    September 26, 2021 at 10:06 pm

    The most cost-effective training for information security an organization can acquire would be through in-house roles and tool-based training facilitated by SMEs within the organization.

    Secondly, plenty of online subscription-based, self-paced, or synchronous low-cost training platforms such as Cybrary.org, edureka.com, and Coursera, etc., exist with individual or enterprise packages that provide CPEs. Another option would be through relevant seminars and webinars from 3rd party training experts.

    Due to the dynamic technology landscape, awareness and training are a must. Therefore, every organization should have a mature awareness and training program to ensure that employees are regularly trained and equipped to achieve company goals and objectives, particularly from a security perspective.

  13. Olayinka Lucas says

    September 26, 2021 at 10:11 pm

    The most practical, cost-effective training and organization can be through in-house roles and tool-based training facilitated by SMEs.

    Secondly, plenty of online self-paced or synchronous low-cost training platforms such as Cybrary.org, edureka.com, and Coursera, etc., exist with individual and enterprise packages that provide CPEs towards set out employee training requirements. Another option would be through relevant seminars and webinars from 3rd party training experts.

    Due to the dynamic technology landscape, regular awareness and training are a must. Therefore, every organization should have a mature awareness and training program to ensure that employees are regularly trained and equipped to achieve company goals and objectives, particularly from a security perspective.

    • Matthew Bryan says

      September 27, 2021 at 8:56 pm

      I agree that leveraging in-house roles can be a great way to provide security awareness training. I’ve seen “lunch and learns” used effectively at some companies. The security team would attend these sessions and present on a topic to the wider company.

      • Lauren Deinhardt says

        September 27, 2021 at 9:51 pm

        Matt, this is such a great idea! Lunch and learns really captivate the importance of SETA materials, while finding an interactive, enticing way for users to learn. Great point.

        • Richard Hertz says

          September 28, 2021 at 2:45 pm

          I have seen organizations use this format in 2 dimensions – attendees pick up the cyber knowledge or awareness and the SMEs hone their skills in presenting and sharing complex areas like cyber-security. One organization required sr technical people to prepare and present internally at ‘Lunch and Learns’ as a requirement for promotion!

  14. Michael Jordan says

    September 26, 2021 at 10:22 pm

    I would recommend an organization to be able to use its own internal IS team, CIO, and other executives to develop a cost-effective training system for its employees.

    This would be my recommendation because a company’s top IS employees should already be well educated in the field and up-to-date with recent news and breach methodologies. No one employee could reasonably be responsible for knowing all this knowledge and teaching it to non-tech employees, but the overall team of IS employees should be. By developing a training program for all employees, IS workers will be able to approach the company’s policy from a different perspective and will begin to realize how non-tech employees think about and take in the policy and educational materials. In addition to these reasons, outside training and education sessions may be more boring than internally-developed training sessions, which would be wasting some money and decreasing retention by employees. The outside organization hired to teach the material also would not be as interested or intriguing as internal employees or executives.

    With all of that being said, I think it is critical to have an outside technical/IS company review the company’s training policy and meet with top IS employees, because even though internal IS employees should be up to date with industry trends, they may not be. It is always good to get outside opinion and double-check your own policy, but the cost should at least equal the benefits. Outside organizations that I would recommend for IS training of employees, or just review of training/IS policy, would be IBM, FireEye, Deloitte, and more. The specific companies I mentioned probably have the most broad/inclusive view of cybersecurity issues across all industries, and even though they may be more expensive than other companies, it would be worth it to have them review company policy and training strategy every once in a while (maybe once a year) to supplement internal IS employees’ knowledge and expertise.

    By using the strategy outlined above, a company can implement IS training for its employees with the costs being its normal expenditure for its IS team employees and execs, plus the annual/semi-annual review of its policies by the experienced outside firms.

    • Jason Burwell says

      September 28, 2021 at 11:39 am

      Hi Michael,

      Having an outside IS company take a look at the training policy is a great idea; having that other/outside perspective could be critical in helping the company come up with the best policy possible.

  15. Antonio Cozza says

    September 26, 2021 at 10:48 pm

    Where would you recommend an organization find practical cost-effective training for its employees?

    Effectively choosing a method of employee training would probably require some more information about the goals and size of the business, while some options could still be suitable for one of any size. However, there should still be a mixture of training sources regardless of a chosen training program if outsourcing the training is the choice that is made. While some have already mentioned some major third party security training platforms that are commonly used, I would like to add INE to the list, as it provides some very effective free training that an organization of any size could use to generate a higher level of security understanding for all types of employees. INE also provides corporate training packages that are reasonably priced in comparison to its competitors. To add another layer and further develop awareness of security, I would also have an internal team still be performing assessments like phishing tests against all employees and enforcing follow-up training videos and a brief quiz for example for those who fell victim.

    • Corey Arana says

      September 28, 2021 at 4:26 pm

      Hi Antonio,

      I agree with you that training should come from both internal and external sources. Training and awareness from internal sources will not always give the best results. Having a third party come in and spread a different voice can always add value to the employees and the company.

      • Olayinka Lucas says

        September 28, 2021 at 5:21 pm

        Well said, Corey; training should always be sourced internally and externally. However, in situations where SMEs exist within the organization or when the organization lacks the required skill set to facilitate role and tool-based training, the organization’s security need must be adequately addressed. Whether internal training would not give the best outcome is yet to be proved, even though it is always better to seek vendors’ approaches. Regardless, there are now so many budget-friendly avenues out there to access activities. The overall objective is security awareness and training to ensure that its employees are adequately protected.

  16. kofi bonsu says

    September 26, 2021 at 11:06 pm

    Where would you recommend an organization find practical cost-effective training for its employees?

    For cost-effective training and education, I would suggest online courses from Udemy, and NIST has huge resourceful material free of charge and cheaper programs in security for professionals and students who have no knowledge of studying IT. The company views training as a key component of employee retention, which is increasingly important as the wave of baby-boomer retirements begins.
    It is absolutely essential to place more premium on security training regularly; this is not only done to assist employees to appreciate the value of security training education for every employee, but it can also help employees understand how human error can have a serious impact on the organization.

  17. Joshua Moses says

    September 26, 2021 at 11:37 pm

    I believe that no expense should be spared in the effort of training end users and making them more aware of the best practices regarding IT security. “Measuring the effectiveness of various efforts can be costly and time consuming, but it must be done if you want to ensure that you are reaching your target audiences.” (SANS reading 2)

    However, after reading some of my classmates’ posts I do agree that Udemy would be a great way to help educate everyone in the organization of IT security best practices.

    • Christopher Clayton says

      September 27, 2021 at 11:10 am

      Good point Joshua. Whatever the cost may be to train employees and making sure the best practices regarding IT security are utilized, if it is successful and everyone benefits from this training, then an accomplishment has been made and whatever the cost may be to help educate staff should not be an issue. However, if there is a cost-effective way to help train at an inexpensive price, and is just as beneficial, then by all means saving money by using a great resource such as Udemy is a good idea as well.

    • Olayinka Lucas says

      September 28, 2021 at 5:30 pm

      Hello Joshua, to add to your point, I also started my security career learning on platforms like Udemy, Edureka, Coursera, and Cybrary, and I see them as very useful. However, I want to add that they begin as open-source with no subscription requirements and later become pricy with aggressive marketing tactics. The beauty of online security training sources is obtaining certificates of completion which could also be used in resume building under the credentials and certifications paragraph.

    • Joshua Moses says

      September 28, 2021 at 11:58 pm

      Hey Chris and Olayinka,

      I have a friend who has downloaded some of Udemy’s material and copied it for me on a hard drive. For sure Udemy goes in-depth with their course material. I never had access to the actual web site and COMPLETE course material. But the videos I’ve watched, which are the majority of the course material, were very interesting. The professionals they have teaching these courses do an exceptional job. They talked about a lot of topics for the information security course, including the CIA triad and even penetration testing.

      I agree with you Chris that it is very cost effective. & Olayinka I didn’t know they offered their own certificates that someone who has subscribed can add to their resume…. That’s pretty dope! That’s a good incentive for me to actually subscribe.

  18. Madalyn Stiverson says

    September 27, 2021 at 8:56 am

    I would consider looking into your cyber insurance offerings, if any are available. Some big-name insurance companies such as AIG, Beazley, and Chubb offer free or reduced-cost employee phishing simulation awareness training, as well as other offerings.

    If no options are available, I would recommend developing the trainings in-house or researching reduced-cost trainings. NIST provides a list of recommendations on their website (link below). It would be a good idea to see if any of the NIST-recommended companies specialize in your industry.

    https://www.nist.gov/itl/applied-cybersecurity/nice/resources/online-learning-content

    • Michael Jordan says

      September 28, 2021 at 11:31 pm

      Madalyn,

      I think it is a very smart idea to not only look into cyber insurance, but also what training programs different insurance companies offer. Cyber insurance is growing more and more necessary for even small-to-mid size firms, and any company having built-in or discounted IS training included in their package would have a considerable benefit over other insurance companies and/or policies that don’t. I did not think about looking into cyber insurance companies in regards to IS training before I read your post.

      -Mike

  19. Miray Bolukbasi says

    September 27, 2021 at 2:21 pm

    First, looking for external options, the company should consider developing a cross-training program where employees are arranged to shadow each other and develop new skills and techniques from their teammates. Also, mentoring would help to transform knowledge from top to bottom of the organization. These activities would put the team on the same page and avoid additional cost related to external resources.

    As external learning, E-learning should be the option considered first. Considering that the whole world and businesses are transferring to online platforms during COVID-19, it would be very smart to ensure that the trainings take place online. Instead of physical face-to-face training (snacks and drinks), online training can be offered at less cost. Videos and tasks can also be assigned offline to give flexibility to employees. This can be offered as a cost-saving option that adapts to the pattern of workers currently working online. Luckily, lots of platforms offer free or paid certification programs to ensure security training such as Udemy, Open University, Future Learn, Coursera, NextGenT.

  20. Vraj Patel says

    September 27, 2021 at 8:41 pm

    There are many platforms which companies can use to provide their employees security training. A few of the platforms are Proofpoint, KnowBe4, Infosec, and/or LinkedIn Learning. It would depend on the size of the organization and the requirements of the organization to determine the cost. If the company is big enough, then they could also design/create their own trainings for their employees.

  21. Lauren Deinhardt says

    September 27, 2021 at 9:49 pm

    My biggest suggestions for an organization to find cost-effective training are 1. to build training in house with various professionals in the organization/internal auditors who are educated in NIST/ISO best practices, and (if in-house training is not an option) 2. Open education resources (OERs). The federal/state government offers an array of tools for private organizations to promote cybersecurity. For example, in New Jersey, the New Jersey Office of Homeland Security and Preparedness (NJOHSP) offers free incident response and information security training through their website, virtual lectures, and in-person events. These training sessions are all free of charge, targeted to reach private sector companies that might not have the resources to orchestrate a SETA of their own. In addition, companies like Microsoft/Azure offer whitepages and other security awareness platforms for companies/individuals to educate themselves on.

    • Bryan Garrahan says

      September 28, 2021 at 8:24 pm

      Thanks for sharing, Lauren. I too suggested using an existing resource within the organization and I agree with your point that it could also be spread across a number of organizational units, such as internal audit and security, to help raise awareness and provide training to users on the importance of security. This could be a solid approach with the security side focusing on how the SETA program should be implemented while internal audit, with the help of perhaps a Business Continuity unit, could assess the systems and users who pose the most risk and who handle some of the organization’s most critical data to ensure they are prioritized when it comes to security awareness and training.

  22. Dhaval Patel says

    September 27, 2021 at 9:49 pm

    Conducting trainings in-house is usually the most cost-effective way to go, but a barrier to that would be if the organization does not have the skilled employees to conduct/develop the trainings. This is usually the case for smaller organizations who end up outsourcing to third-party vendors. If we take the least flexible scenario where in-house training is not an option and the organization does not have enough employees or willing employees to build the necessary skills to train, then the next best option is to go to an outside source like SANS.org or ISC2 to gain the technical information security training.

  23. Bryan Garrahan says

    September 27, 2021 at 10:28 pm

    It would be interesting to see an organization dedicate a current security-minded resource, such as a security analyst, to provide training to the rest of the employees on behalf of the organization. This could be included in a weekly email communication that is sent to every employee within the organization, or the security analyst could pre-record a video which could be required for all existing employees to watch on a periodic basis. This may not be easily deployed for organizations with limited employee resources – however, I’d argue these same organizations most likely lack financial resources, especially when it comes to budgeting for security. Therefore, if a capable security-minded person already exists within the organization, I think it could be beneficial for an organization to have them dedicate just 5-10% of their daily job duties to educating the rest of the organization.

  24. Jason Burwell says

    September 28, 2021 at 11:16 am

    Where would you recommend an organization find practical cost-effective training for its employees?

    No matter the size of the organization, I would “recommend” they first try to accomplish this with their own IT/IS team. If possible, this not only cuts out the cost, but it's internal, so those giving the training are more familiar with how the organization/business runs, so the training will be more effective.

    If this is not possible, there are several online resources that many of my classmates have already named. Don't want to beat a dead horse, but NIST, Udemy, LinkedIn Learning, and PluralSight are some great ones.

  25. Richard Hertz says

    September 28, 2021 at 2:41 pm

    Where would you recommend an organization find practical cost-effective training for its employees?
    The term cost-effective does vary widely based on the security requirements of the situation or the organization. The US Govt or US Military spends considerably more than the local website creation and hosting organization – appropriately so! However, if someone is resource-constrained, then a plethora of resources are available from sites like YouTube, LinkedIn, Coursera, AWS, Azure, NIST, SANS Institute, etc. These materials range from free to a small cost per viewing. The power of Google cannot be understated when tackling a problem like this one!!
    Identifying course content is only part of the equation; finding ways to get the employees to engage to truly learn and apply the material is the challenging part!

    • Christopher Clayton says

      September 28, 2021 at 9:12 pm

      Hi Richard, “plethora” is the perfect term for the amount of resources anybody can utilize to search for security training. YouTube is a good mention for it being free to use and the countless amount of content anybody can find for training purposes.

  26. Alexander William Knoll says

    September 28, 2021 at 9:52 pm

    To determine where an organization can find practical, cost-effective training for its employees, one must really determine the size of the organization. Any large or medium-sized organization should have its own IT Security team in place, or should be outsourcing one. The level of risk you expose yourself to grows with the size of your company, so making sure your employees are educated on security risks must be a main priority. If the organization is smaller, and doing what I previously said is not a possibility, there are many resources available. Management should spread awareness on the matter, encourage outside research, or implement some cheap methods such as training videos/quizzes.

  27. Victoria Zak says

    September 28, 2021 at 10:13 pm

    Where would you recommend an organization find practical cost-effective training for its employees?

    First, I would find out within the company what the business objectives are and what the business needs to excel in. How many employees there are, and what level of knowledge. On the management level, management is more advanced than consultants. In that case, the organization has to find a training that suits all employees. First, the organization can try a “blended approach.” An employee can learn from their coworker and read more about the training online. There are tons of videos and learning sites that employees can sign up for at little to no cost. An organization can assign a quiz after each training. Continuous training such as PluralSight and Cybrary is affordable for an organization. PluralSight provides a subscription for a year, involving courses for Information Technology Professionals. Additionally, Cybrary offers 300 video courses and tons of hands-on labs.

  28. zijian ou says

    September 29, 2021 at 5:55 am

    I would recommend some professional websites, such as KnowBe4, because professional training institutions can train employees more effectively.

  29. Dan Xu says

    September 29, 2021 at 11:11 am

    I don’t think finding practical, cost-effective training for employees is the same as lowering the quality of training. Unqualified employees tend to reduce productivity.
    1. Online learning is an option. E-learning can increase efficiency and reduce costs.
    2. A learning management system (LMS) that can organize the required content into each class session and track employee performance. There are several companies that offer SaaS (cloud-based) learning management systems.
    If training content is compatible with mobile devices and easily accessible, employees can learn in a way that is most relevant to their job, current skill level and development needs. You can also control costs while improving employee skills.

    • Bernard Antwi says

      December 14, 2021 at 12:51 pm

      @Dan - NIST provides accountability is a major way of ensuring security awareness in a cost-effective manner. Accountability
      One of the keys to a successful computer security program is security awareness and training. If employees are not informed of applicable organizational policies and procedures, they cannot be expected to act effectively to secure computer resources.
      Both the dissemination and the enforcement of policy are critical issues that are implemented and strengthened through training programs. Employees cannot be expected to follow policies and procedures of which they are unaware. In addition, enforcing penalties may be difficult if users can claim ignorance when caught doing something wrong.

  30. Bernard Antwi says

    December 14, 2021 at 12:46 pm

    There are multiple companies which provide SaaS (cloud-based) Learning Management Systems. The big advantage is that while the learning content will be created by you and meet all your specific needs, you will not need to worry about technology. It’s all taken care of for you. It can cost you from a few hundred to a few thousand per month just to use the software, however.
    Use Reporting Tools: It’s an absolute must to define which courses and modules are necessary and useful.
    On-the-job or hands-on training jumps straight to the practical skills necessary for the job. New hires begin working immediately with this training method. In some cases, it may be beneficial to incorporate an employee shadowing component. This will allow new hires to gain a little insight into the context and job requirements before trying it on their own.
