America's entry into World War II was precipitated by the Japanese invasion of the United States naval base at Pearl Harbor, Hawaii, on December 7th, 1941. The invasion was planned and led by Japanese Adm. Yamamoto.
What a lot of people don't know is that on April 18th, 1943, a plane carrying Adm. Yamamoto was attacked by the U.S. Army Air Corps. Yamamoto was killed in the attack and Japan lost its greatest tactician. Japan never recovered from the blow. The attack on Yamamoto wasn't dumb luck. Messages detailing Yamamoto's itinerary were intercepted. When he boarded that plane, his fate as a victim of the lack of security awareness was sealed.
If you look at most major breaches of security, they can often be traced back to a lack of security awareness. If Adm. Yamamoto's team had been aware of the threats, they could have taken precautions to prevent data interception. So how do we become sensitive to threats when it comes to protecting vital information? I suppose we could wait for something drastic to happen and learn it the way Adm. Yamamoto did, but we could also take a more proactive stance and incorporate security awareness training into our routine business.
We all know we need training, but targeting the right training for the right individual at the right time can save companies thousands of dollars in training costs, while getting the most return on investment. Essentially, there are three levels of role-based security awareness training required in every company: users, IT staff and decision makers. Most companies train IT staff and provide users with security awareness training when they are issued access to corporate networks. However, the most important security awareness training, that of corporate decision makers, is frequently overlooked. Corporate executives, in addition to using information systems, are responsible for risk management. They need security awareness training to understand how much security is required and what the trade-offs are for achieving an acceptable risk tolerance within the organization.
CEOs, CFOs, CIOs, SISOs and ISSMs all share responsibility for managing corporate cybersecurity risk. These critical roles in the organization deserve specialized risk management training. There are a lot of programs available in all areas of security, and considering a certification program is a good option. One such available certification is called Certified in Risk and Information Systems Control (CRISC). CRISC training enables managers to identify risk, respond to risk, monitor risk, design and implement information system security controls, and maintain and monitor information system security. Certification programs can be expensive; however, the benefit is an effectively trained staff that stewards limited security funds to optimize risk. And an effectively trained staff is less likely to let you get shot down over Burma, figuratively speaking.
*****
Submitted by Taranet Inc.