Tölvumál - 01.01.2018, page 15
the seminars become rare, resulting in new employees having delivered
a lot of code to production before getting any security training.
An alternative for companies is to ship people to external security
seminars, which usually results in a handful of developers going, leaving
the rest without any training.
SELF-SERVICE LEADS TO EFFECTIVE LEARNING
One of the services offered by Syndis has been application security
training where developers are typically trained in writing secure code
through an annual slide presentation covering the OWASP Top 10. Soon
it became evident that this was not the optimal way to get the message
through and a more hands-on alternative for participants was created
to complement the training.
To fully mitigate the above-mentioned downsides of conventional
training and to tackle the lack of cybersecurity training at scale, this
evolved into an online platform now called Adversary (adversary.io) that
allows IT personnel to go through training entirely hands-on, instead of
the lecture-based focus used in academia. People put themselves in
the shoes of the attacker and learn why vulnerabilities arise, and thus
they begin to understand how to properly identify and mitigate critical
flaws. Gamification is used to make the platform fun and engaging for
employees while they learn about security problems and the "hacker
mindset". Also, when new attacks and types of vulnerabilities come out,
content is updated so that users stay abreast of the cybercriminals'
latest methods and thus better manage their risks.
For managers, the platform allows the monitoring of individual employee
progress, giving a rare measure of the employees' security understanding
and helping to identify technical areas of improvement for their teams.
Based on their needs, managers can define specific training campaigns
for their teams, for example to meet required certifications like
ISO/27001 and PCI.
Having such self-service training readily available at any time allows
companies to train new employees at the moment they enter the
company, not having to wait for the next round of lectures. It can be
made an integrated part of the hiring process, accurately assessing the
security knowledge of candidates as well as enabling continuous training
to keep existing teams up-to-date with new security threats.