With the support of leading information security professionals around the world, a non-profit organization called SCIPP International has been formed to provide security awareness training and certificate programs for corporate, government and academic end-users, including both employees and customers. Founded by Winn Schwartau, a pioneer and visionary in understanding the critical role of end-user awareness in securing infrastructure, SCIPP International was formed to develop and maintain the SCIPP Generally Accepted Practices (SCIPP GAP), a common body of knowledge of security awareness best practices, and expand the role and influence of security awareness training and certificate programs for end-users. “Studies have shown that up to 60 percent of all computer security breaches stem from basic user errors, more than any other single factor,” said Schwartau. “We formed SCIPP to gather security awareness best practices in a single repository and incorporate them into educational and certificate services for end users and their organizations.” Vetted by respected security industry veterans and subject matter experts, the SCIPP International training and certificate programs are offered annually with differing levels of achievement that can be tailored to fit an individual organization’s unique policy requirements. SCIPP certificate of security awareness programs include those customized for corporate employees (SCIPP-CE), corporate customers (SCIPP-CC), government employees (SCIPP-GE), government citizenry (SCIPP-GC), those who are self-employed (SCIPP-SE), and educators (SCIPP-ED). Based in Vienna, Va., with offices in Old Hickory, Tenn., Hong Kong and London, SCIPP is able to effectively tailor training and certificate programs by region and make them suitable for any entity that wants to improve its security awareness or comply with regulatory or compliance mandates such as HIPAA, SOX, FISMA, GLBA, Basel II, and ISO 17799 or its equivalent national standard in various countries around the globe. SCIPP has assembled an international advisory board of information security leaders from many areas of expertise, including: · Stephen Carrick-Davies, CEO, Childnet International; · Suzanne Gorman, director of governance, Omgeo; · Dr. Andy Jones, head of Security Technology Research at the Security Research Centre at British Telecommunications (BT); · Stephen R. Katz, CISSP, founder and president of Security Risk Solutions, LLC · Micki Krause, CISSP, chief information security officer (CISO), Pacific Life Insurance Company; · Kevin Mandia, CISSP, president and CEO of Mandiant; · Lynn McNulty, McNulty & Associates; · William “Bill” Murray, CISSP, executive consultant for Cybertrust and professor at the Naval Postgraduate School; · Rob Pate, deputy director of outreach and awareness at the National Cyber Security Division (NCSD) of the U.S. Department of Homeland Security · Howard Schmidt, president and CEO of R&H Security Consulting LLC and former cyber security advisor to the White House; · Eugene Schultz, CISSP, CISM, chief technology officer and CISO, High Tower Software; · Leo Thrush, CISSP, ISSMP, ISSEP, deputy director, Communications Programs, Office of the United States Secretary of Defense; · Hal Tipton, CISSP, consultant. “By investing in security awareness for end-users/consumers, organizations greatly improve their security posture by preventing security incidents as well as detecting and reacting to events more quickly, while reducing vulnerabilities and their associated costs in monetary and reputation damage,” said Schmidt. “The certificate of security awareness is an important component of the security training process because it provides organizations a level of assurance that their employees, partners and customers have successfully mastered the topics taught based upon the SCIPP GAP.” Each SCIPP security awareness training and certificate program consists of four parts: · an optional pre-assessment for metrics, return on investment (ROI) and improvement measurement statistics; · a self-paced three-chapter on-line course; · a 25-question multiple choice post-assessment; · a SCIPP certificate of security awareness upon successful completion. If desired, SCIPP will monitor and track the progress of the training and certificate program, including providing the metrics of end-users, performance and compliance. SCIPP certificates are valid for one year from the date of successfully completing the awareness course and passing the post-assessment. For more information on SCIPP International, its mission and its security awareness training and certificate programs, visit www.SCIPPinternational.org. About SCIPP International SCIPP International is a global non-profit organization dedicated to solving information security problems where they need to be solved – at the human level. Based in Vienna, Virginia, USA, with offices in Tennessee, London, and Hong Kong, SCIPP delivers information security awareness training and certificate programs for end-users and consumers throughout the world based upon the SCIPP GAP – the common body of knowledge describing SCIPP’s 10 generally accepted best practice areas. More information is available at www.SCIPPinternational.org.
