Training Program Essay
Training programs are frameworks designed for fortifying skills, knowledge or competence in specific segments of an entity’s human resource. Employee training is not only a necessity but also a strategic management approach to establishing competitive advantage. Normally, training programs are developed after an analysis of an organization’s internal environment. Training programs are elements of the resource-based view (RBV) model for establishing competitive advantages (Lynch, 2008). In other words, investing in training programs captures the value of the valuable and rare resources that lie within an entity. Unlike a training project, a training program entails a series of courses and often has a flexible schedule and cost budget; it has to be designed to meet the needs of all trainees and takes into consideration factors such as age, gender, strengths, weaknesses and training facilities, among others. Employee training should be formal; thus, the process of developing the training programs should be handled with utmost care to ensure that the organization’s objectives are met. This can be achieved through a needs assessment consisting of three critical levels: individual, occupational and organizational assessments. This paper is a breakdown of a generic employee-training program on security and ICT for organizations that operate overseas. The program covers 20 employees and is designed to run for two days.
Training Needs Identified through a Training Need Analysis
The Internet has grown rapidly, but security has lagged behind. Organized cybercriminals and state-sponsored hackers have emerged (Mandiant, 2013). With the increased sophistication of the tools used, it has become almost impossible to trace the perpetrators of cybercrimes since their identities are camouflaged. The ubiquity of the networks makes it difficult to track hackers. Large-scale intrusions or cyber attacks can lead to catastrophic outcomes for the targets and for the current globalised economies, which rely on electronic transactions. Some of the sites that have been compromised include NASA, CIA, eBay, UNICEF, U.S. Department of Commerce, Google, and Motorola, among others (Everett, 2013). Hackers attack because they have the capacity to access systems. They also attack for financial gain, espionage, revenge and terrorism. From the reports of recent cyber attacks, it is apparent that there are gaps in cyber security. These gaps can be addressed through comprehensive training programs.
Training Needs Assessment is a method used to determine the training needs that exist, as well as the training needed to fill the gap. It seeks to identify the levels of the existing situation in the target through interview, questionnaire, observation, survey, secondary data or workshop. The gap between the current scenario and the desired status may suggest issues that can be translated into training needs. Training Needs Assessment (TNA) consists of three levels, namely: individual, occupational and organizational assessments (HR-Guide, n.d.). From the case presented above and industry observations, some of the competencies needed include analytical skills, adaptability, innovation, data management, security management, intrusion detection, intrusion prevention, risk mitigation, troubleshooting, and hardware and software installation skills, among others (NIST, 2014). Training can reduce or eliminate the gap between training needs and the existing capability of participants by equipping them with skills and knowledge. Further, it also encourages participants to enhance their capabilities. It is worth noting that data about the present status of individuals or their organization is critical for evaluation in the latter stages of the training cycle. The current data will serve as benchmark data.
Key Performance Metrics
- trainee satisfaction with the fundamentals of secure cable networks and secure overseas telecommunications infrastructure;
- development of risk-mitigation strategies essential for increased security risks;
- low number of sensitive security breaches.
Training Objective Based on the Training Need Analysis
This generic training program is designed to ensure a secure company presence abroad by sustaining and improving employee security and strengthening ICT capability at its overseas offices. The projected deliverables include improved security through augmented security mechanisms consistent with the evolving security environment, especially in high-threat locations. The other key deliverable is protection of Information Communication Technology services by managing ICT services effectively as well as through a security auditing process. Additionally, the training is meant to help trainees move the infrastructure of organizational ICT systems to a shared platform that can be integrated, supported and implemented effectively in conformity with the host country's security policies.
The Fundamentals of Cyber Security training program is an exhaustive 2-day training experience conducted by a seasoned security professional. The training is designed to provide the participants abroad with an understanding of cyber security rules, principles, procedures and policies. The training is based on the relevant regulatory sources from the National Security Agency (NSA), Department of Defense (DOD), Central Intelligence Agency (CIA) and the Department of Homeland Security (DHS). Additionally, it covers applicable regulation from Executive Order and service guidance from Internet Service Providers. Participants who complete this training program will gain the skills, technical understanding, policy familiarity and knowledge to protect sensitive corporate capabilities, technologies, data and operations.
Participants Will Learn How to:
- provide data confidentiality;
- select effective encryption methodologies;
- check data integrity;
- solve distribution problems;
- evaluate authentication methods.
Hands-On Experience Includes:
- securing login to sensitive systems using open source tools;
- digitally signing sensitive content;
- ensuring confidentiality by applying encryption methodologies;
- using digital signatures to verify data integrity;
- identifying and correcting authentication issues.
Training Cost and Time Breakdown
The type of training to be conducted will rely on the financial plan or budget costs. The cost is $15,000 exclusive of Value Added Tax (VAT). The cost covers a maximum of 20 participants. The training fee includes:
- Comprehensive course material: hands-on exercises and a training presentation will be provided for the program, both electronic and printed.
- Certificate of achievement: each participant will be awarded an achievement certificate for completing the training.
To cover the gap, the training will include four pillars of cyber security: verifying integrity, ensuring confidentiality through encryption, managing availability, and establishing identity using authentication mechanisms. Implementing the pillars will entail keeping data confidential, making digital signatures automatic, evaluating password alternatives and securing network connections. After-training hands-on exercises include examining integrity information and installing software to enhance confidentiality. This training program is designed to provide an overview of the pillars of cyber security and their significance to an entity. Participants explore real cyber threats and countermeasures to address them.
The Fundamentals of Cyber Security training program is a two-day training aimed at preparing attendees for successful management of basic security measures within their organizations. The awarded certificate will indicate that the attendee understands the cyber threats facing organizations. It also indicates that the participants have an understanding of the fundamentals of information security management principles and concepts. Other areas of interest include compliance issues, risk management, addressing security incidents and integrating information security into business applications.
This training targets information security managers, Chief Information Officers (CIOs), business managers, data officers, HR managers, IT security professionals, and network security officers. Other stakeholders, including internal control managers and risk managers with an interest in learning more about cyber security concepts and policies, will benefit from this training too. The participants do not need to have a thorough background in privacy legislation.
Training Date and Location
This two-day training will be held on the date chosen by the client either online or onsite.
Introduction and cyber security trends
Firewall security and prevention systems
Penetration testing methodology
Phishing, Denial of Service Attacks (DDoS)
Network security test
Hacking and Countermeasures
Evaluation and Closing
This training will provide a foundation for professionals furthering their knowledge in the field of ICT and electronic commerce. The training will also explain various types of cyber threats, the underlying technologies and the weaknesses exploited by cyber criminals. To improve the understanding of cyber crime, the evolution of the Internet and the underlying technology will be discussed. Further, the trainers will demonstrate how the skills and knowledge obtained can be used to design and implement risk mitigation measures and advise management on security issues.
This training can be delivered as an onsite training presentation. It can be customized to meet the client’s needs by choosing from various subtopics, including Industrial Security, Personnel Security, and other computer-related security topics. A negotiable price of $15,000 includes the delivery of the 2-day training for a maximum of 20 participants, and training manuals and reference materials for all participants. Additional cost will be incurred if the client decides to use offsite facilities. Participants can network with trainers and other participants to learn more about cyber security.
Benefits of Online Presentation
Reduce commuting expenses: Online presentation is accessible anywhere, thereby saving the participant’s money and time.
Enjoy a professional and distraction-free environment: The training will be delivered in an environment that is free from distraction, so participants can focus on learning.
Learning centers are equipped with optimized dual computer screens for hands-on exercises and course delivery.
Below is a training agenda for a typical 1-day training program (the agenda is tailored to meet the needs of the client in terms of days)
Bonus time (30 minutes to 1 hour) with the trainer for questions and answers, as well as for practicing additional hands-on exercises.
At the end of the first day, a bonus hour is availed to give the participants an opportunity to work further with the trainer. This time can be used for clarification on other issues not understood during the predefined course delivery time. Further, this hour can be used by participants for supplementary hands-on exercises. After resuming normal duties, participants will be able to continue their learning through after-training self-directed exercises in the training manuals. The same exercises can be accessed online from the accounts that will be given to trainees. Furthermore, participants can utilize their manuals free after training.
The resources provided have been designed to support trainers delivering skills and knowledge about cyber security. The following topic areas will be covered through a combination of training sessions and hands-on exercises: introduction to cyber security, trends, cyber policies, cyber-attacks, hacking and countermeasures, cases, encryption, data integrity, login authentication and data confidentiality.