Ask The Security Expert: Questions & Answers

Is it important to hold fraud-training sessions during a fraud-risk analysis?

EXPERT RESPONSE FROM: Mike Rothman

QUESTION POSED ON: 02 May 2008
We are in the process of performing a fraud risk assessment. As part of this assessment, is it imperative/important to hold fraud-training sessions? If so, what should these sessions emphasize?

EXPERT RESPONSE
Holding fraud-training sessions is definitely not imperative. To the contrary, I think it's a bad idea to do training in the middle of a risk assessment.

The purpose of the risk assessment is to figure out how vulnerable systems are to fraud. Begin by determining a baseline relative to current activities, so that new processes and procedures can be put in place to more effectively deal with fraud.

Training employees in the middle of the assessment runs the risk of compromising the data gathered during the risk assessment. There will be plenty of time for training later, but during the assessment is the time to uncover and categorize those risks, so the organization can determine what needs to be done most urgently.

To be clear, fraud training is absolutely critical to fraud reduction efforts, but after the assessment is complete. When that time comes, focus on helping employees both understand what is considered private data and intellectual property (presumably the data that needs protection) and recognize typical attacks (mostly social engineering and other fraud attacks).

A helpful site to look at when starting a training program is PhishMe.com. This site automates the sending of phishing emails to employees and tracks whether they fall for the ruse. It can also test employees over time to see if educational and training efforts had a positive effect on their ability to deal with the fraud.

SearchSecurity.com
All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy