Don't Login on Untrusted Computers
You Are a Target
Never Give Your Password Over the Phone

powered by zFeeder


Type: general threat extra security

Awareness and knowledge of computer security is perhaps the greatest defence against computer security threats. With this in mind raising awareness and training staff in how to improve security and deal with security incidents is crucial.

Computer security training can take place in the workplace or in another location; the training can come in a number of forms. The most popular methods of training are courses, events, conferences or by lectures. Face to face training and courses are perhaps the most detailed method of training as it usually involves specific teaching methods and completing a program of modules that are designed to improve knowledge on the subject. Face to face training and courses can be relatively expensive and time consuming. However the benefit of having members of staff who not only are more capable of dealing with security, but should also feel more confident and satisfied that they have increased their abilities and knowledge.

Events, conferences and lectures usually involve raising awareness and basic security skills, although the knowledge gained is often not as great as face to face training or courses. However the cost and time needed is usually less because staff can be taught in groups and all at the same time from a single event or lecture. The advantage of events, conferences and lectures is that the time and expense is reduced while still exposing staff to computer security issues, this is beneficial for raising awareness of computer security and thereby improving internal security.

It is often difficult for companies to make time or budget for training, but the potential improvements in security outweigh the disadvantages of involving staff in training. Some popular companies who provide recognised training are SANS, the Security University and Infosec.