The success of security training lies in approach


A company?s approach has everything to do with the success of IT security training and skills development says Christo van Staden, director of Carrick Holdings, a local provider of security solutions, training and consulting services.

"The basic premise of an effective approach is one that results in actual measurable skills development. In order for this to happen it is important that an organization conduct some form of screening and assessment prior to exposing candidates to specific course curriculum,' says Van Staden.

Van Staden argues that since the rapid development of Information Systems and the proliferation of these systems into the market at large has resulted in a significant increase in emerging threats and vulnerabilities, skilled personnel are required as a key component in the overall defense of a company.

"The placement of skilled personnel is essential to effectively combat this wave of additional threats and vulnerabilities,' he adds. "Training should incorporate technology but it is important to realize that the concept of "one solution fits all? simply does not suite the modern corporation. Individual organizations are required to adhere to different corporate governance models, standards, regulations and frameworks.'

"A results-driven approach is one that allows for the information security solution to be tailored and takes into consideration technology, processes and people. It is particularly the human element of the equation that is often the most cumbersome yet vital component within the successful implementation of the solution,' Van Staden continues.

Carrick Holdings, through its training division, Carrick Training, offers a skills development program that is based on matching appropriate skills sets to the relevant areas of an organization. This forms part of the company?s three-tier approach to Information Security Training and Development.

"Information security is complex and its dynamics make it an elusive target to combat. This is why companies and organizations rely on the services, advice and guidance of an established managed security services provider,' explains Van Staden.

The three-tier approach incorporates a Personal Profile Analyses (PPA); Team Audits (TA) and Test for Selection and Training (TST), respectively. These core elements are focused on intellectual capital, the individual and how he or she fits into the organization.

"It is important from the outset to successfully communicate the fact that the training and curriculum can be customized to suit a client?s particular requirements,' adds Van Staden.

According to Van Staden more companies are seeking to partner with training providers that can train staff onsite. This ensures that the business avoids potentially problematic issues such as staff absence and a drop in productivity.

"The feedback we have received suggests that our approach is working. The dynamics of IT security have changed to the extent that a generic offering of course curriculums to place bums on seats does not suffice. Businesses and organizations are ready to leverage off a curriculum that suits their specific requirements, roles and responsibilities,' Van Staden continues.