#Japan #Security Training #Chiyoda #Lightworks #CAREERSHIP

Enhancing Information Security Training: A New Approach

In a world where cyber threats are on the rise, businesses must prioritize the effectiveness of their information security training. Despite many organizations implementing such training programs, a recent survey by the Information-Technology Promotion Agency (IPA) revealed significant gaps in these efforts. With findings indicating that 38.6% of respondents face personnel shortages, and 33.3% lack employees knowledgeable in security, many programs are often criticized for being ineffective or outdated.

To address these challenges, Lightworks, a leading e-learning content provider and LMS developer, has released the 'Information Security Training Service Selection Guide (Vendor Neutral Version),' complete with a checklist for businesses considering revising or establishing their security training protocols. This guide is designed to help companies objectively assess potential training services without endorsing any particular vendor.

Aiming for Effective Education

The guide comes at a crucial time as the Ministry of Economy, Trade and Industry of Japan (METI) is preparing to implement a new security assessment system by the end of the fiscal year 2026 that aims to strengthen supply chain security. This initiative necessitates an urgent re-evaluation of existing training systems to ensure they meet current threats and provide real value.

Unpacking Common Misconceptions in Security Training

The guide draws from six months of in-depth analysis involving over twenty business negotiations and educational material reviews. It highlights three common pitfalls when selecting training programs:

1. Misunderstanding Internal Handling: Many programs falsely assure organizations that they can manage operations independently, often leading to hidden monthly workloads of 10 to 15 hours for educational coordinators. Potential clients should focus not just on capabilities but on aspects that eliminate their own burdens.

2. The Trap of Feature Listings: Companies frequently fall into the trap of evaluating providers based solely on feature lists, thinking that more functionalities mean better services. However, without proper internal structures, organizations can end up paying for unused capabilities.

3. Cost Miscalculations: A superficial comparison of monthly fees can lead to unexpected expenses. While providers may advertise low rates, when total cost of ownership (TCO) is calculated, including staffing and operational costs, many companies find themselves exceeding budget.

Recognizing Blind Spots

Moreover, the guide underscores three prevalent oversights in traditional training methods centered around email:

• - Emerging Threat Channels: Attack methodologies such as QR code phishing and voice phishing are gaining traction, leaving email-only training inadequate.
• - Disjointed Testing and Practical Training: There's often a disconnect between knowledge-testing assessments and experiential training themes, diminishing training effectiveness.
• - Slow Curriculum Updates: With updates occurring only one or two times per year, training programs fail to keep pace with fast-evolving threats.

To combat these issues, the guide offers essential pre-demonstration questions for potential vendors, a workload comparison editable for internal approvals, and methods to construct a training regime that lowers monthly administrative hours while enabling compliance with new regulations.

Structure of the Guide

The comprehensive 18-page guide consists of:
1. Why Viewing Demos Can Lead to Poor Comparisons
2. Common Pitfalls to Avoid Before Implementation
3. Three Blind Spots That Are Overlooked
4. Five Critical Questions for Vendor Evaluation
5. Hidden Management Workloads

Additionally, it includes valuable appendices such as a selection checklist, statistics for budgeting, and a detailed overview of the study employed to create this guide.

For businesses grappling with the complexities of effective information security training, this guide is an indispensable tool to navigate the landscape and implement robust educational systems that resist the pitfalls of yesterday’s training methods.

Conclusion

By proactively addressing the state of their security training programs, organizations can not only meet regulatory demands but also create a culture of security awareness that is resilient to both current and future threats. Lightworks aims to lead the way in reshaping how businesses approach information security education, ensuring they are not only compliant but truly prepared to face the challenges that lie ahead.