I’ve been a teacher for the past 15 years, and I’ve taught in several mediums including live classes and computer-based e-learning. I have come to the conclusion that the most effective factor in education and training is fostering emotional investment.
Simply put, students must care about learning the material. The more they care, the more they learn.
The notion of getting emotional investment from students might sound like simple common sense, but it is often not done …and often not even attempted.
I have produced a new short video for the newly-launched education privacy website of SafeGov. The site is called edu.SafeGov.org, and it contains a wonderful array of resources for parents, school officials, and policymakers regarding education privacy issues.
The article points to an ISACA study that seeks to measure the effectiveness of data security awareness training. The study concludes: “Security awareness training is a vital nontechnical component to information security. As such, it is in the interest of the public and private sectors to continue to research this component that directly impacts security’s weakest link: humans.”
I was recently asked whether I had a list of the various laws, regulations, and industry codes that require privacy and/or data security training. I know about a number of training requirements, but didn’t have a formal list. I realized that such a list would be useful, so I created one with the help of Joe Newman, a former student who now does some work for my company.
The PDF is here. It provides information about each requirement, citations, and quotations of the relevant provisions. Below is a summary. If there are any training requirements we missed, please let me know.
A recent study by the Ponemon Institute, The Risk of Regulated Data on Mobile Devices and in the Cloud*, reveals a stunning need for improvement on managing the risks of mobile devices and cloud computing services. The survey involved 798 IT and IT security practitioners in a variety of organizations including finance, retail, technology, communications, education, healthcare, and public sector, among others. The results are quite startling.
The study concluded that “the greatest data protection risks to regulated data exist on mobile devices and the cloud.” 69% of respondents listed mobile devices as posing the greatest risk followed by 45% who listed cloud computing.