Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Cyber Tactics ColumnCybersecurity News

3 Steps to Better Cybersecurity Training

By Steven Chabinsky
3 Steps to Better Cybersecurity Training; cybersecurity training, cyber security news, security education, cybersecurity awareness
Steven Chabinsky
3 Steps to Better Cybersecurity Training; cybersecurity training, cyber security news, security education, cybersecurity awareness
Steven Chabinsky
March 1, 2016

The NIST Framework lists “awareness and training” as a key component of network protection. But how do you go about it? For its part, NIST recommends role-based training. In theory, your company should incorporate its most important physical, administrative, and technical control requirements into customized privacy and security training. That training should be broken down into five different classes of users: general users, privileged users, senior executives, physical and information security personnel, and third-parties (such as customers and vendors). In terms of frequency, training should be continuous, starting with new users, recurring at least annually, and providing out-of-cycle instruction in the event of significant information systems changes or policy revisions.

In practice, however, companies need to clarify their training goals and keep them manageable. A brief story might help. I recently attended a roundtable consisting of corporate directors. One of them pronounced, “Our employees are our first line of defense.” For him, that meant they needed significantly more training. I was skeptical about the rationale. After all, cybersecurity has grown far too complex for a company’s general users to defend the frontlines. Better to leave that to the experts, both in terms of IT specialists and advanced technical controls.

Rather than expect awareness and training to turn all of our employees into a first line of defense, perhaps it’s enough if it serves to discourage each individual employee from intentionally breaking the rules and committing a security offense. Following this line of thinking, better awareness and training can be accomplished using these three steps:

  • Inform Them. Let employees know the reasons for your controls. To the extent any of them make business tasks more difficult, acknowledge it during training. Companies would do well to proactively determine business demands, ask how current or proposed security requirements might interfere with those needs, and figure out how to accommodate users so they can be productive without bypassing security. As an example, companies with file size and storage limitations should address the increased risk of users turning to personal email, cloud storage accounts and thumb drives.
  • Scare Them. It’s important for users to know they can lose their jobs for breaking certain rules. It’s even more important to explain what the company (and those who depend on it) stand to lose based on real-world cyber risks to your organization’s sensitive data and critical services. There’s no substitute for actual examples, and everyone is relying on everyone else to do the right thing.
  • Help Them (Help You). Encourage employees to rate and constructively comment on your security training, and take their feedback to heart. In order to promote the underlying security principles found in the training, have easy mechanisms in place both to report security concerns (such as a phish@company.com account for users to forward suspicious emails) and to report known security violations (perhaps anonymously).

Training should mean more than checking a compliance box. Done correctly, it can even drive an organization’s security practices to become further aligned with its business needs.

KEYWORDS: cyber security awareness cybersecurity training security education

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Chabinsky 2016 200px

Steven Chabinsky is global chair of the Data, Privacy, and Cyber Security practice at White & Case LLP, an international law firm. He previously served as a member of the President’s Commission on Enhancing National Cybersecurity, the General Counsel and Chief Risk Officer of CrowdStrike, and Deputy Assistant Director of the FBI Cyber Division. He can be reached at chabinsky@whitecase.com.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Cybersecurity Requires More than a Good Plan

    10 Steps to Building a Better Cybersecurity Plan

    See More
  • Data Security; cyber security news, NIST cybersecurity, data security, data breach, cybersecurity management

    7 Steps to Better Data Security

    See More
  • 6 Steps Toward a Better Cyber Risk Management Strategy

    6 Steps Toward a Better Cyber Risk Management Strategy

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing