The Insider Threat is Real and it’s Now

What is an Insider Threat?

Is the threat to your organization someone you know and trust? An insider threat may be intentional, or it may stem from bad work habits, poor training and personal behaviors. Both intended and unwitting threats are significant problems. Ignoring questionable behaviors can only increase the potential damage the insider can do to your organization, national security and/or employee safety. While each insider threat may have different motivations, the indicators are generally consistent.

Be Alert! Be Aware! Report suspicious activity to your local security official. See something, say something. Nine times out of ten, after an attack on data or people, someone realizes they knew something that could have stopped or reduced the damages, or even deaths.  

Insider Threat Examples of possible Reportable Behaviors – Information Data Collection

  • Keeping classified materials in an unauthorized location
    • At home, car, backpack, bag, personal server
  • Attempting unauthorized access to private or classified data or information
  • Obtaining access to sensitive information beyond the requirements of a person’s job
    • A request from a worker or team member to provide access or documents without a current need or outside their project access
  • Questionable data or file downloads
    • Gathering information which has no relevance to assigned work
  • Unauthorized use of removable media and moving files without permission
  • Using an unclassified medium to move classified materials
    • Unsecured faxing, thumb drives, external hard disks
  • Discussing classified topics and materials on non-secure phones, using non-secure emails or texts
    • Use of a cellphone in or out of the workplace, a home phone, or personal email or texting
  • Removing the classification markings from documents
    • Changing the classification, or observed deletion of classification markings
  • Unnecessary or excess copying of classified materials
    • Nervous behaviors around unusual activities
    • Moving data to external drives or any out-of-pattern heavy usage of copy machines
  • Expressing loyalty to another country or for a radical cause
    • Displays desire to help, assist or fight for a foreign faction
  • Concealing reportable foreign travel or contact
  • Sudden reversal of financial situation or a sudden repayment of large debts or loans
    • Mysterious purchase of new car, expensive jewelry or large investments
  • Being disgruntled to the point of discussing or writing about the desire to retaliate
    • “I’ll get them for this” or “she’s going to pay for that”
  • Repeated or unrequired work outside of normal duty hours
  • Bringing an unapproved BYOD or work device into an unauthorized or controlled area


What’s in it for me to take the risk of reporting something?

Insiders have a negative impact on your industry, our nation’s security, and the safety and well-being of its citizens. Not reporting can seriously affect your career or even cause you big legal problems. Not reporting will often result in:

  • Loss or compromise of private information, of classified or controlled and sensitive information
  • Military weapons can be reproduced, destroyed, or rendered ineffective
  • The country’s loss of technological competitiveness or superiority
  • Financial loss, company brand and image damage causing layoffs or slowing economic growth
  • Public utilities and infrastructure damage and physical harm, and loss of life

Take the Insider Threat seriously. It’s worth doing the right thing over the cost of keeping quiet. 

To find out what steps you can take in creating Insider Threat awareness, and the requisite change management for your organization, call Susan Morris or Tom Jenkins today.  
480-222-7507 office or 480-227-5134 direct

Advanced Business Learning Launches New Cyber Security School

FOR IMMEDIATE RELEASE

Advanced Business Learning Launches New Cyber Security Certification Preparation School in Arizona

Licensed in the State of Arizona as a postsecondary vocational school, ABL, an industry Authorized Training Provider (ATP), is offering five-day cyber security boot-camp certification preparation courses at their classroom facility in Tempe.

Scottsdale, AZ (August 18, 2016) – Scottsdale based Advanced Business Learning (ABL Academy) has been supporting the US Intelligence Community and the US Navy with cyber security boot-camp-style certification preparation and is now bringing these highly efficient, low cost programs to businesses and individuals in Maricopa County and throughout Arizona.

A strong value of ABL Academy is their pre-course assessment tools, as well as their reinforcement and continuous learning environments post-course where students are encouraged to participate in sponsored communities of practice. ABL Instructors dedicate time for tutorials at the end of each class day to provide reinforcement and individualized coaching as needed, which ensures a high exam pass rate. On-line live workshops and labs, discussion groups and instructor-led blogs are all under design and development for additional value and support for every student. Upon certification ABL Academy assists with job search preparation and resume submission to prospective employers.

ABL Academy’s learning environment is student centric. ABL Academy’s proven ability to bring world-class course content and live in-person education taught by excellent, experienced instructors results in an outstanding learning experience. Their core belief is that the instructor is far more credible and effective if they have “felt the pain” associated with being experienced in real world application.

“The need for smart, knowledgeable and strategic cybersecurity professionals has never been more obvious,” said Tom Jenkins, CEO of ABL. “Hardware is easy to protect. People in an organization often represent the weakest link in the security chain. As cybersecurity becomes more and more integrated into the mission of the organization, not just another administrative department, the cyber professionals in a company require ongoing education and knowledge of best practices to work with and educate their internal colleagues and management,” said Tom Jenkins.

Class schedules will start in late September for CISSP, PMP, Security+, Network+, CEH and more. Visit www.advancedbusinesslearning.com/cybersecurity for further details on classes or contact the ABL Academy at: 480-222-7507 or 480-339-4851.

About Advanced Business Learning (ABL)

For over 17 years, Advanced Business Learning has been a leader in workforce effectiveness programs serving the US Government and Fortune 1000 clients across the country and around the globe. Their team of elite consultants, instructors and best-of-breed partners are dedicated to delivering relevant, results-focused programs that are cost effective and have a measurable impact on your company’s short term goals and long term success.

Advanced Business Learning has a mission of bringing the same high quality DoD classroom experience with authorized CompTIA; EC-Council; ISACA; ISC2; and PMI materials plus military grade instructors, many with DoD experience and Secret clearances, to our certification exam prep courses where they ensure both certification exam readiness and application to real world work.

Media Contact:
Christine Holtz
Phoenix Marketing Associates
602-282-0202

 

Top Cybersecurity Certifications for Arizona Workers

Best CyberSecurity 5 Day Classes to Earn Certifications

As companies find themselves becoming more and more vulnerable to data breaches, employers in Arizona are increasingly looking within to hire or promote employees who have obtained cybersecurity certifications to ward off potential future attacks. Corporations like Target, which have recently fallen victim to a data breach, not only pay millions in costly fines but also lose consumer trust and future goodwill.

CompTIA Security+

Job seekers within the growing technology trade in Phoenix who wish to obtain a commercial cybersecurity job or land a coveted IT security position within the defense industry must receive certification as a prerequisite from a state certified school. Depending on the position desired, candidates can start their career with a basic CompTIA certification in network security while top-tier candidates seek the coveted Certified Information Security Manager (CISM). CompTIA certification gives candidates a good overview of best practices in troubleshooting, networking and security across a broad array of devices. Although the CompTIA certification is seen as a stepping stone for more advanced levels of certification, it’s important to note its relevancy as it is required by all employees of the U.S. Department of Defense.

Certified Ethical Hacker

An industry in Arizona that is rapidly growing in popularity is “Ethical Hacking” or “White Hat Hacking.” Ethical hackers must be properly trained and certified because of the high level of trust that is commanded by these positions. Ethical hackers are a unique breed whose main job is to think like a malicious cybercriminal while using that information to protect their employer. In order to properly train individuals to perform this job function, candidates are encouraged to obtain a Certified Ethical Hacker (CEH) certification. Certified Ethical Hackers are often referred to as “penetration testers” and are actually encouraged to attempt to penetrate a company’s network without physically stealing any data. Those who are able to successfully balance this mental game are also well rewarded, as salaries start within the six figure range.

Certified Information Systems Security Professional

One of the most popular certifications prospective job seekers can obtain is that of a Certified Information Systems Security Professional (CISSP). Generally obtained by experienced IT professionals, consultants, auditors and risk management professionals, this certification serves as a base requirement for employees securing a company’s network. While the certification doesn’t focus on a single vendor, it does cover a wide array of topics from physical security to cryptography. Those who fully capitalize on the CISSP certification can make in excess of $150,000 per year.

Certified Information Security Manager

The Certified Information Security Manager (CISM) certification is a top-tier certification for those who have at least five years of experience within the network security industry. The CISM classes are very rigorous and will demand every bit of your five years’ background in IT. Those completing this advanced certification will learn about the following four areas of cybersecurity:

  • Information security program development and management
  • Information security management
  • Information security incident management
  • Information risk management and compliance

Completion of this certification has the potential to roll out an invitation to the C-suite, as CISMs often obtain Chief Information Security Officer positions and command in excess of $200,000 annually.

Arizona Cyber Security School Instructor Sheds Light on Banner Health Data Breach in Phoenix Business Journal

Banner Health recently joined a growing list of corporations who have been the victim of cybersecurity data breaches in Arizona.  Banner Health recently made headlines in the Phoenix Business Journal where it was revealed that private information was stolen from consumers using credit cards at various Banner Health food and beverage outlets.  The hackers targeted Banner Health from June 17 to July 7th obtaining cardholder data like names, card numbers, expiration dates and verification codes.

Craig Cocciola, Director of Information Technology and Facility Security Officer for Advanced Business Learning Inc. was interviewed as an expert source on the incident, claiming that companies need to worry about more than just implementing the latest in physical security systems to stay safe.  “The attackers are always going to have an advantage, teaching employees how to stay on top of potential data breaches is key and that doesn’t happen with the annual webinar training program.  It’s got to be part of your culture.”

Advanced Business Learning (ABL) firmly believes that properly trained and certified employees are your best asset in defending against unwanted cyberattacks. Hiring employees with an Ethical Hacker Certification or a Certified Information Systems Security Professional (CISSP) certification is the best complement to any physical firewall.

Referencing a past example where an employee of a large corporation accidentally inserted a found thumb drive into their network causing a breach, Cocciola further explained, “If employers provide insider threat training and have more of a culture of security, this person would have known inserting a thumb drive in his computer is risky behavior.  Instead he should have taken it to a manager.”

Eliminating threats is an unrealistic expectation, Cocciola said, adding, “reducing them drastically is a realistic expectation.”

Employers interested in “leveling up” their current staff’s broad base knowledge of preventing future cyberattacks can take advantage of ABL’s new workforce training programs.  Fully customizable to employers’ respective needs, ABL’s boot camps prepare staff members to take the certification exam in as little as five days.

 

The Difference between Training and Learning

“An organization’s ability to learn, and translate that learning into action rapidly, is the ultimate competitive advantage.” ~ Jack Welch, Former CEO, GE

Is there a difference between training and learning? This is one of the questions that has plagued instructional designers and training organizations for years.  Some people are of the mindset that “if we build it (training), they will learn,” while others have only to look at the absence of behavior change to know that someone who participates in training may not always learn and, more importantly, apply, the specified material.

Training departments in organizations around the globe have been fervently trying to develop programs which will allow the adult learner to learn the material at hand, retain it and use it.  In order to develop successful training programs that do this, the differences between training and learning must be understood. Training is not learning.  We can train someone to hit a baseball in an hour, but it takes years to learn the game.

The first component to understand is training and learning are two distinct, separate functions where learning encompasses training.  When a person participates in a training program, learning occurs to some degree.  In other words, you cannot be trained without some learning.  On the flip side, adult learners can learn without formal training.  Autodidacts around the world will attest to that fact.  Adult learners can engage in learning through any medium without a traditional curriculum and come out the other side with extreme knowledge.  Facilitated training may not provide this type of experience.

One of the key differences between training and learning is individuals generally set out to learn something while training is something that is done to a person.  Learning is what an individual does; training is something they receive.

Another key difference between training and learning is learning can occur anywhere at any time; while training is received at a specific place and time. Education is received at a school resulting in a diploma while training generally occurs at a workplace or seminar and a certificate of completion may be received.

In a study performed at the University of Texas, researchers found that individuals retain a mere 10 percent of what they read and 20 percent of what they hear; however, they retain 90 percent of what they do.  Adults tend to remember much more by doing than merely by reading or listening.

Another difference between training and learning is individuals embark upon learning something about which they are passionate or see a significant personal benefit, i.e. career advancement.  Whereas when someone goes through training, it is usually for a specified outcome.  Perhaps they need to attend a training session for continuing education credits or as a job requirement.

ADULT LEARNING

Danish professor Knud Illeris developed a model of adult learning that focused on cognition, emotion and society; all three of which must be present for learning to occur.  Illeris assumed that the cognitive element of his model contained knowledge and skills, the emotional element contained feelings and motivation, and society was comprised of communicating with other people (Merriam et al., 2007).  According to Illeris, one of five types of “raw material” starts off the learning process. The raw material consists of perception, transmission, experience, imitation and activity.

Conversely, Peter Jarvis’s learning process suggested that all learning begins with experience as well as with the five human senses (Merriam et al., 2007). Unlike McClusky, Illeris and Knowles, Peter Jarvis theorized that the body’s senses played a prominent role in learning, thus becoming the first theorist to emphasize the body/mind connection. While Jarvis recognized the importance of experience, as the others did, he emphasized the importance of the body in learning, something that the others neglected.

TRAINING

Training generally occurs in spurts.  A person is hired for a new job and must go through training in order to learn the intricacies of systems, machines or other components of the job.  Learning, on the other hand, is an ongoing process for many people and they may engage in multiple learning sessions simultaneously.  Individuals can learn a new iPhone app, learn a new system at work, learn how to de-clutter their home and learn how to cook a new recipe all in the same day.  On the other hand, a training session is generally linear and contains a beginning, middle and ending. Training is often accompanied by an exam or an assessment which will gauge the knowledge of the participant.

It is difficult for training sessions to meet the unique needs of all types of adult learners.  For example, if you are to undergo classroom training, you may have a facilitator who will click through slides and “teach” the various content.  While this may benefit a visual learner, it leaves a kinesthetic learner and an audio learner in the dark.  Often, a variety of mediums are built into the training to ensure the material is retained.  For example, a curriculum can be built with classroom training and then on the job training which allows kinesthetic learners access to the hands-on training.  Sometimes web-based training will accompany classroom training and, if narrated, will reinforce content for the audio learner.

Another consideration training departments must contend with is the fact that material is forgotten by adults over time. The forgetting curve shown in Figure 1 represents how much and how quickly material is forgotten if there is no attempt to refresh the information learned. Organizations that lean toward “one and done” training sessions do not get the return on their training dollar investment.

[Figure 1: Forgetting curves]

In addition to the “natural” loss of information after a training class, what happens if the adult learner is not interested in learning through training? It is the goal of the training team to offer quality training that engages and motivates the individual learner.

Building a Learning Organization

In an article in 2012, Forbes Magazine reported that organizations that implemented formalized learning systems versus training classes outperformed the competition by 3:1. These companies provided coaching, on-demand training and performance support tools which allowed employees to learn and apply content on the job. This type of program is much more successful than simply training people on a curriculum. While training classes may have a place in organizations, high-impact learning practices are proving to be more effective for the organization’s bottom line and for achieving its mission.

Many organizations are gearing toward the trend of Gamification training to engage employees and ensure training material is retained.  As with any new technique to hit the market, there are pitfalls that can occur (Cook, 2013).  One major component to watch for when developing Gamification training is this type of training may quickly become the norm. While initially providing competitive games with rewards, badges or other types of achievement icons to motivate employees, people can quickly become bored with the “new toy on the block” and lose interest, ultimately having a detrimental effect on ROI and productivity, the exact opposite of the outcome intended.

One effective way to ensure Gamification training is successful is to make it a special component of an overall continuous learning system, not simply an expensive add-on.  Ensure the executive team has buy-in and understands the process of Gamification so employees are held accountable for learning and not merely “playing”.

Implementing adult learning theories into development of Gamification training as well as standard curriculum design will ensure employees are engaged in the training process and retain the content, and that the adoption of the learning objectives (i.e. new behaviors) is measured and correlated to improved organizational performance and pre-defined metrics.

Gamification, scenario-based simulations and online training provide one answer. These types of programs can be developed to encompass a variety of adult learners. Scenario-based online programs allow kinesthetic learners to navigate through problems or systems and have the hands-on processes they need, while accompanying narration and coaching support the auditory learner. Providing motivation through rewards or badges may motivate adult learners to continue through the programs. Competitive individuals may be motivated through leader boards. While no training process may ever reach all types of adult learners and encompass all adult learning theories, these types of programs reach a far wider audience than ever before.

Summary

The significant difference is training is an “event”. Learning is about fully engaging learners in the learning process – preparedness to learn, ensuring relevance of the content to the learner, and providing just-in-time skill development and practices. Learners need to be fully engaged in the learning process because, in today’s complex organizations, it’s not how much you know; it’s how much you use!

This is the business of our business – creating a series of relevant learning content with reinforcement activities that motivate and encourage learners to apply new concepts.

For example, organizations invest millions in their IT infrastructure. The return is directly related to the ability of their people to maximize the use of these technologies for optimum performance.  IT personnel don’t need to be trained in required technologies, they need to LEARN, APPLY and SUSTAIN these technologies.

At ABL, we draw the crucial distinction between training and learning in all our offerings, as evidenced in our IT learning platform for Cisco, Microsoft and Project Management. In every course, we utilize all of the following:

  • Live, on-line, HD quality classes
  • Front line interaction with top quality instructors
  • Communities of Practice (COP)
  • 24×7 access to the Live recorded classes for both learning preparation and reinforcement
  • Real gear, Live online hands-on labs
  • 24×7 Mentorship Program with Instructors

We are turning our clients’ employees into “Active Learners”. By incorporating these various components, we enable the student to select what they need, when they need it and in what form they want it. We strengthen learning by providing pathways from knowledge to application and interactions that form lasting learning and effective recognition and recall.

Please feel free to contact us to discuss how we can support ensuring your ROI on training investments.

 

References

Bersin, J. (2012). 5 Keys to Building a learning Organization. Retrieved from http://www.forbes.com/sites/joshbersin/2012/01/18/5-keys-to-building-a-learning-organization/

Chapman, A. (2006). Kolb learning styles. Retrieved from http://www.businessballs.com/kolblearningstyles.htm

Cook, W. (2013). Training Today: 5 Gamification Pitfalls. Training Magazine. Retrieved from http://www.trainingmag.com/content/training-today-5-gamification-pitfalls

Hansman, Catherine A. (2001) Context-based adult learning.  New Directions for Adult and Continuing Education, no. 89, pp. 43-46.

Kilgore, Deborah W. (2001) Critical and postmodern perspectives on adult learning. New Directions for Adult and Continuing Education, no. 89, pp. 53-55.

Klumpke, A. E. (n.d.). The Seneca Falls convention. Retrieved from http://www.npg.si.edu/col/seneca/senfalls1.htm

Merriam, Sharan B. (2001) Andragogy and self-directed learning: Pillars of adult learning theory. New Directions for Adult and Continuing Education, no. 89, p. 5.

Merriam, Sharan B., Rosemary S. Caffarella, and Lisa M. Baumgartner, (2007) Selections, Learning in adulthood:  A comprehensive guide, 3rd Edition, Jossey-Bass, pp. 27-51, 83-103, 189-215, 226-239

Mezirow, J. (1997). Transformative learning: theory to practice. Retrieved from http://www.ecolas.eu/content/images/Mezirow Transformative Learning.pdf

Neill, J. (2005, January 26). Retrieved from http://wilderdom.com/experiential/JohnDeweyPhilosophyEducation.html

Nobelprize.org. (2011). Retrieved from http://www.nobelprize.org/nobel_prizes/peace/laureates/1931/addams-bio.html

40th anniversary of the adult education act timeline. (2007, October 16). Retrieved from http://www2.ed.gov/about/offices/list/ovae/pi/AdultEd/anniv40/doe.html