In a recent article, Allan Pratt made the claim that most companies today do not provide training for their IT employees - assuming that if they gain this training, they will leave the company and take their new knowledge elsewhere. http://www.infosecisland.com/blogview/23388-Invest-in-Employees-vs-Pay-for-a-Data-Breach.html This is very different from my personal experience, so I thought I would investigate a little. Is it really rare for large companies to assist IT employees in continuing their education? Wouldn't this be a huge disadvantage for any company to do this?
Pratt's claims seem a little exaggerated. The first link I found details the educational assistance programs of 25 Fortune 500 companies http://www.affordablecollegesonline.org/financial-aid/top-company-college-tuition-reimbursement-programs/. Many of these programs are modest - say, 75% of tuition costs up to $5,000 per year, for example. However - assuming most employees wouldn't be full time students, this could cover a large amount of the costs. Perhaps not surprisingly, Walmart is one of the lowest...
What I found interesting is almost every company seems willing to help at least somewhat with continuing education - but none seem willing to really embrace it fully. How much SHOULD a company be willing to spend? Does it make sense to scrimp a bit on educational assistance... And then pay a fortune due to a data breach? What is the best way to educate employees - making them happy and loyal?
Sunday, September 22, 2013
Sunday, September 15, 2013
Key Loggers and Democracy
Wanna buy an election cheap?
http://www.fbi.gov/news/stories/2013/august/election-hack-stealing-votes-the-cyber-way/election-hack-stealing-votes-the-cyber-way
This story is amazing on many levels. Probably the most amazing thing is that someone would be willing to risk this much to rig an election to student council. If he'd been just a little more clever, he could well have gotten away with it - and who knows, maybe in ten years he'd have been rigging an election to congress!
http://www.fbi.gov/news/stories/2013/august/election-hack-stealing-votes-the-cyber-way/election-hack-stealing-votes-the-cyber-way
This story is amazing on many levels. Probably the most amazing thing is that someone would be willing to risk this much to rig an election to student council. If he'd been just a little more clever, he could well have gotten away with it - and who knows, maybe in ten years he'd have been rigging an election to congress!
Save the Date!
Wednesday, September 18, will be the monthly meeting of Omaha's Cyber Security Forum. This meeting will be from 11:00am-1:00pm at Johnny's Cafe. The topic will be Data Risk Assessment - Approach and Methodology. For more information, check out http://www.nebraskacert.org/CSF/
Sunday, September 8, 2013
The Best of the Best
Why not take a look at the winners of this years Social Security Blogging awards? For Best Corporate Security Blog, we have the Naked Security Blog - http://nakedsecurity.sophos.com from Sophos. In the category of Best Security Podcast, the winner is the cleverly named PaulDotCom, hidden at http://www.pauldotcom.com - gotta love a site that has Drunken Security News! The most Educational Security Blog is Krebs on Security, http://krebsonsecurity.com featuring Brian Krebs who was a reporter for the Washington Post for 14 years. This blog also won for the Blog that Best Represents the Security Industry. The Most Entertaining Blog prize goes to psilva's prophecies at http://psilvas.wordpress.com. And finally, the award for the single best Blog / Podcast of the year goes to Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees): http://www.forbes.com/fdc/welcome_mjx.shtml. If you are interested in information security - this is a good place to start!
Subscribe to:
Posts (Atom)