The Next Generation of Compliance Training

Share with your network!

November 29, 2012 Jason Hong

In today’s business environment, organizations are faced with a number of privacy, security, and legal requirements. These might include proper use of email, proper handling of personally identifiable information, compliance with PCI-DSS requirements, or compliance with laws such as HIPAA, Sarbanes-Oxley, or FERPA.

The most basic form of compliance training is awareness, making people aware that there are requirements that affect them. Awareness is a necessary first step, but is not sufficient. You also need to teach people how to size up a situation, what actions they can and should take in different situations, and then measure what they have learned both immediately as well as post-training.

To give a concrete example, let’s look at PCI. Basic awareness would teach people that credit card information needs to be handled carefully, including such things as how to protect it and how to destroy it. However, basic awareness doesn’t teach people how to identify threats of PCI theft, or what to do if they find such an attack.

What’s also needed is something that teaches people the skills to identify these kinds of attacks, as well as what to do in these situations. There also needs to be ongoing training and assessment, rather than something that is just one-time, to make sure that people have truly learned the material and are up to date on the latest attacks.

This is what makes Wombat Security’s compliance training the next generation of training. We have a range of training modules for privacy and security, including modules for PCI-DSS, Personally Identifiable Information, and Data Protection and Destruction. We design each of our training modules to be visually attractive, easy to understand, and testable, so administrators as well as individuals can assess how well they have learned the material.

With Wombat’s Compliance Training series, Governance, Risk management, and Compliance (GRC) officers can rest assured that their employees are truly learning how to be compliant, not just guessing at quiz answers to get a certificate.