Tölvumál - 01.01.2018, Síða 15
15
the seminars become rare, resulting in new employees having delivered
a lot of code to production before getting any security training.
An alternative for companies is to ship people to external security
seminars, which usually results in a handful of developers going, leaving
the rest without any training.
SELF-SERVICE LEADS TO EFFECTIVE
LEARNING
One of the services offered by Syndis has been application security
training where developers are typically trained in writing secure code
through an annual slide presentation covering the OWASP Top 10. Soon
it became evident that this was not the optimal way to get the message
through and a more hands-on alternative for participants was created
to compliment the training.
To fully mitigate the above mentioned downsides of the conventional
training and to tackle the lack of cybersecurity training at scale this
evolved into an online platform now called Adversary (adversary.io) that
allows IT personnel to go through training entirely hands-on, instead of
the lecture-based focus used in academia. People put themselves in
the shoes of the attacker and learn why vulnerabilities arise, and thus
they begin to understand how to properly identify and mitigate critical
flaws. Gamification is used to make the platform fun and engaging for
employees while they learn about security problems and the “Hacker
mindset“. Also, when new attacks and types of vulnerabilities come out,
content is updated so that the users stay abreast of the cybercriminals
latest methods and thus better manage their risks.
For managers, the platform allows the monitoring of individual employee
progress, giving a rare measure of the security understanding of the
employees and to identify technical areas of improvement for their teams.
Based on their needs, managers can define specific training campaigns
for their teams, such to meet required certifications like ISO/27001 and
PCI.
Having such self-service training readily available at any time allows
companies to train new employees at the moment they enter the
company, not having to wait for the next round of lectures. It can be
made an integrated part of the hiring process, accurately assessing the
security knowledge of candidates as well as enabling continuous training
to keep existing teams up-to-date with new security threats.
REFERENCES
[1] https://www.enisa.europa.eu/publications/the-cost-of-incidents-
affecting-ciis
[2] RSA Conference 2017 https://costofadatabreach.mybluemix.net/
[3] European Commission (2017). EU cybersecurity initiatives working
towards a more secure online environment
[4] Dale’s Cone of Learning http://www.qscience.com/doi/pdf/10.5339/
qproc.2015.elc2014.6
[5] Dale’s Cone of Learning - http://www.qscience.com/doi/pdf/10.5339/
qproc.2015.elc2014.6
UTMESSAN 2019 Í HÖRPU
Föstudaginn 8. febrúar:
ráðstefna og sýning fyrir tölvufólk
Laugardaginn 9. febrúar:
sýning og fræðsla fyrir alla
TAKIÐ DAGANA STRAX FRÁ!
Tilgangur UTmessunnar er að vekja athygli á mikilvægi upplýsingatækninnar og áhrifum
hennar á einstaklinga, fyrirtæki og íslenskt samfélag.
Markmiðið er að sjá marktæka fjölgun nemenda sem velja tæknigreinar í háskólum landsins.
Einnig viljum vekja áhuga almennings á upplýsingatækni og mikilvægi hennar á öllum sviðum
daglegs lífs.
Fylgstu með á UTmessan.is - Facebook UTmessan – Twitter UTmessan