Training needs assessment (TNA) is a special process, which is made of a series of actions and changes. It is also widely accepted as an umbrella term, applied to understand the performance problems and introduce new systems and technologies. It is used to conduct the analysis of how the training can assist the organization procedure to achieve its target objectives.
The training needs assessment represents a vast field, which has its particular purposes and components. Deborah Tobey (2005) tried to identify the major goal of this term and stated that it is “the art and science of finding the right problems and understanding them fully” (p. 2). It is intriguing that she did not mention a single word about the notions of training, skills, or learning abilities. The reason for it is the fact that despite the provision of certain skills, the training needs assessment tries to ensure that the training is established based on the demands of a certain organization. Without estimating the actual needs of organizations, trainers risk designing redundant training, which has nothing to do with the burning issues of the organization. Moreover, there exists a possibility that the target audience will simply be unable to perceive it. Introducing the proper needs assessment assists the organization in grasping the real value of a training function and establish the right collaborative relationship with the client. The effective implementation of the training needs assessment consists of several consecutive steps, which include (Tobey, 2005, p. 3):
a) Providing a training program in the context of the organization’s aims and demands.
b) Finding out the specific needs of the organization, which assist to solve particular problematic issues.
c) Identification and capturing the skills, which are necessary for the learners’ jobs.
d) Provision of recommendations regarding the non-training issues, which have a substantial effect on the organization’s goals.
Components of the Training Needs Assessment
The objectives of the training need assessment underscore its significance. In order to understand this issue better, one has to analyze its components: The Focus Group and the Survey.
The Focus Group: it is one of the components of the training needs assessment, which gives people the opportunities to brainstorm their ideas and realize the potential of team involvement (Kamin, 2006, p. 17). It presupposes conducting interviews with the employees in order to gather the necessary data for the assessment. The American Society for Training and Development (2006) emphasizes that the major benefit of the focus groups is their assistance in the identification of the types of training, necessary for the employees and the conditions, which allow providing efficient training (p. 75). It helped find out the real and perceived training deficiencies. Deborah Tobey accentuates that it is important to choose the focus group on neutral turf in order to get sincere responses, which might bring more accurate data. Another advantage of the focus group to be discussed is the possibility of hypotheses development, which could be tested with a larger population. The disadvantages include time and resource consumption, difficulties in conducting the interviews with one facilitator only. Moreover, there exists a risk that a focus group may fall under the influence of certain members, and provide untruthful responses during the interviewing process. In such a case, the training needs assessment is conducted using false data and it affects the training, its impact on the audience, and its effect on the problem-solving process.
Surveys: these are structured interviews, applied to understand what trends emerge in the discussions. It assists in quantifying data with a broader population. The major advantages of the surveys are their inexpensiveness, easiness of the respondents’ participation, quick results, and an easy of their conduction process. The disadvantages of surveys lie in the difficulty of constructing the right questions. Moreover, the wording of the question should constitute the same meaning for all the individuals, who take part in a survey. There is a risk that the respondents may simply choose certain answers without reading the survey, and it may cause irrational outcomes. The most essential thing concerning the surveys is the right formulation of the question, as it leads to the right interpretation.
Justification of the Necessity to Conduct the Training Needs Assessment
There is a burning necessity to conduct the training needs assessment, as it provides an opportunity to resolve the existing problems (Ross and Nilsen, 2013, p. 398) The training needs assessment is useful, because it serves to tie the performance deficiency to the needs of the organization and to ensure that the training will produce the beneficial effects on all of the parties involved. It is helpful to understand what spheres need extra attention and why they are essential for the people. It aids in investigating weak and problematic issues and finding solutions to them. Training needs assessment enhances the aspects of the training methods and expedites the delivery of cost-effective opportunities. The TNA provides the knowledge, skills, and abilities required for successful performance within the organization (Harris, 2008, p. 191). As a mean of justification of training needs assessment, the method of comparison could be applied. It is worth analyzing the data of different companies before and after the training needs assessment is conducted. This method is efficient because it provides proof of the needs assessment’s effectiveness. Moreover, it could reveal the alterations in the performance of a certain group of people before the revelation of the problematic issues. The solutions in these cases are the training, which observes the difficulties, discuss them, and provide the ground for their elucidation.
Steps Taken for the Performance of the Training Needs Assessment
Deborah Tobey (2005) indicates that there are seven important steps for training needs assessment, which include 1) external and internal organization scan; 2) data collection and business needs identification; 3) potential training intervention identification; 4) collecting data to find out the performance level, learning, and learner needs; 5) data analysis; 6) data analysis feedback delivery; 7) training design process (p. 6). In order to understand all the peculiarities of the training needs assessment preparation process, one should discuss each of the steps, mentioned above, in detail.
Step 1. External and internal organization scan: this step presupposes conducting an accurate data gathering through the investigation of newspapers, annual reports, customer service data, strategic plans, and benchmarking. Researchers Snell and Bohlander (2006) state that it is significant to look into the upcoming training needs and understand the strategic goals, as well as their influence on the organization (p. 296). This stage might be called the analysis conduction stage.
Step 2. Data collection and business need identification: This stage involves obtaining the data after the internal and external scanning. In other words, it presupposes the validation of the existing needs and their linkage to the client’s final goal (Tobey, 2005, p. 3). The data obtained is necessary to identify the hurdles, which organization experiences on its ways to the desired goals. Understanding the needs help work out the ways for their achievement.
Step 3. Potential training intervention identification: This stage considers the training interventions, which might turn out beneficial for the existing demands. Deborah Tobey (2008) states that the primary objective of this phase is sharing “the discoveries that have been made during the organizational scanning” (p. 8).
Step 4. Collecting data to identify the performance, learning, and learner needs: This stage presupposes the analysis of the existing data in order to understand the level of job performance, the skills, and knowledge of the focus group, and the desired changes, which might be helpful for the achievement of the objectives. The assessment of performance and learner’s actual need is significant for working out the right training patterns, which will be interesting and simultaneously useful for the audience.
Step 5. Data analysis: this step is crucial, as it helps identify the existing gaps between the desired and current job performance, as well as demanded and current skills, along with the knowledge level (Tobey, 2005, p. 8). The estimation of these gaps allows the assessor to choose the right method to address them.
Step 6. Data analysis feedback delivery: during this phase, the assessor compiles a report, which manifests the needs and knowledge gaps of the focus group together with recommendations for the situation improvement. The evaluator should then explain to the client the existing problems, their possible consequences, and measures, which could be taken for their prevention.
Step 7. Training design process: this is the final stage and it requires working on the design of the training. The assessor should take into account the data, which he/she had obtained as a result of training needs assessment and apply it in the training process, to produce the targeted learning objectives.
In conclusion, it should be assumed that training needs assessment is a necessary and useful process, which assists to understand the problems, difficulties, and hurdles, as well as working out the methods of their overcoming. The training assessment could be manifested through surveys or interviews within the focus groups. The most essential thing is finding the knowledge and skills gaps, along with considering the ways of their elimination.
Program Title: Information Security training
· Raising the employees’ awareness with respect to the information security best practices;
· Pointing out the significance of corporate data and consideration of the possibility of insider threats;
· Explanation of the media and materials, which can lead to the information security violation;
· Description of all the forms of security threats and their adverse effect on the organization’s performance;
· Listing of all the responsibilities, which the employees carry with regards to the corporate information;
· Practical testing of the most common errors, which can be the cause of the information security violation
· Discussion of the possible punishments for the corporate information security violation.
Who Should Attend:
This program is created in order to raise the awareness of all the employees of the organization, as each of them may deliberately or accidentally cause the violation of corporate information safety. For that reason, all the employees of a particular organization have to be present during this training program.
The program consists of seven discussion topics. They include:
1. Information security effectiveness:
The successful information security could be achieved through the implementation of special programs for the employees’, following the particular rules. Researchers Tipton and Krauze discuss this issue in their work and emphasize that “effective information security program will have employees at all organizational levels practicing solid security principles while cooperating with corporate goals and policy” (p. 58).
When employees utilize necessary security technologies, they lead to the minimization of security breaches’ costs. It should be stated that information security effectiveness can be viewed from both the individual and team perspectives. Technology facilitates the higher level of protection of the corporate information and the employees’ sticking to the rules ensures it.
Delivery tools and techniques: Application of SETA (security education, training, and awareness) and corporate information security training program.
2. Security Culture
The organizational culture constitutes beliefs, values, norms, and understandings (Keyton, 2011, p. 69). The safety culture resembles a corporate culture but includes common beliefs and norms concerning the security goals and practices. In case when all workers embrace the security culture and consider it an integral part of the job, the system remains strong. It has a positive effect on the functioning of the whole company.
A discussion of this topic is significant for the employees’ understanding of the whole picture. Without a constructive security culture, all the policies and procedures within the organization turn out to be ineffective with respect to information security maintenance.
Delivery tools and techniques: Persuasion and explanation of the adverse consequences of poor security system are the best tools in this case. They assist the employees in understanding how safety culture affects the organization’s performance and target outcomes.
3. Media and Materials, and Their Effect on Information Security
Documentary materials and corporate systems are sources of information. In order to retain it, appropriate backups and regulatory, commercial, as well as financial requirements need to be followed. The retention copies and mission-critical backups have to be stored in a secure off-site location with the respective level of control.
The inadequate storage of the corporate materials and information files could lead to their revelation, which might have drastic consequences for the organization as a whole. The data could be applied by the competitors, which in turn will damage the plans of the company.
Delivery tools and techniques:
In order to assure the high level of information security and avoid violations through the documentary materials and media, the employees should conduct regular inventory checks and store the data on LAN servers, that are located in a way which can control the impact of traffic on the network (Wayne, 2008, p. 121).
4. Security Threats and Their Effect on the Organization:
The external and internal threats have a serious effect on the organization’s information assets, the organization’s reputation and the profile (Calder, 2005, p. 98). Threats may vary from hackers' attacks to organized crimes.
Accentuation on the importance of information security threats is necessary, as their leakage is price sensitive. Virus infections may be capable of destroying vital data and worsen the organization’s performance, staff misuses of information systems may lead to different misunderstandings, and the external intrusions may be simply disastrous for the well-being of the company. The employees should be aware of different forms of information security threats and understand the actions, which they have to perform to avoid them.
Delivery tools and techniques:
The appropriate delivery tools could be lectures aimed at increasing the employee's awareness. It has to be the theoretical explanation of the threats and enumerations of the methods, applied for their avoidance.
5. Employees’ Responsibility:
Ensuring information security is the primary responsibility of the employees, and it has to be one of the terms of the contractual agreement. Employees have to protect corporate information from possible inside and outside threats, unauthorized access, and disclosure.
The security responsibilities should be tied to the job description. The value of the information is closely connected to financial, legal, and personal losses. The employees have to understand that being a worker means being an important part of the organization. Preservation of the data is their mission.
Delivery tools and techniques:
Application of the real-life examples is the best tool which can assist the employees in understanding how they should operate. Moreover, they have to be instructed on the punishments, which they could be subjected to in case of the information leak or revelation.
6. Common Errors and Employees’ Training:
The employees have to be aware of the common errors that can result in the information security violation. In order to provide the necessary training, the security awareness program could be applied. Moreover, Agent Surefire could also be used to this end. This is a training simulation program, which helps raise the workers’ awareness through the use of `game-based content. It provides the opportunity to test the employees’ skills and knowledge through the identification of violations in a realistic organization’s simulation.
The major benefit of explaining the employees the common errors and providing them with the opportunity to try their skills is the knowledge gap revelation. The employees obtain a chance to try their decision-making skills in an almost real-life situation. This testing shows the possible mistakes and ensures their prevention in the future,
Delivery tools and techniques:
Agent Surefire Program, Security Awareness program, and theoretical discussion and explanation of the common information connected errors.
7. Information Security Violation and Punishment:
Violation of information security is a serious crime that commonly leads to drastic consequences, which ultimately affect the performance of the organization. The strongest punishment, which could be applied in this case, is probably reporting to the police and dismissal. In case when an employee violates the information security rules, it is essential to consider the following aspects: analysis of the security violation, and understanding whether the data was lost or manipulated. The analysis presupposes understanding the kind of information that was lost, possible upgrades, and finding the individual who has caused the problem. It is essential to find out whether the data is simply lost or manipulated, as it shows the extent of the possible side effects.
Explanation of the possible punishment for the information security violation is significant; because it makes the employees double think before performing their actions.
Delivery tools and techniques:
The techniques for determining the punishment include violation analysis. However, in order to present the data to the employees, the theoretical explanation with real-life practical examples may be used.
The major benefits which the individuals will acquire after attending the program will primarily include the raised awareness in the field of corporate information security. People will realize what actions may lead to information security violations, how programs could be used for such violations prevention, and what consequences might follow the common mistakes. It will help them be more attentive at work and treat corporate information more seriously. This program will be the first step towards the employees’ understanding of their responsibilities and the roles which they play in the company. Moreover, it could reveal their significance with respect to the organization and its performance.
In order to continue improving the program, it is worth organizing certain pieces of training, where employees could be divided into teams and will have to find out the source of information security violation, the violator, and steps, aimed at avoiding negative consequences. It will provide them with practical knowledge in this field. Moreover, further program development could include the historical investigation, which will reveal the effects that famous companies have experienced after unauthorized access, as well as inside and outside threats. In the future, more emphasis on practice should be made. It could assist the employees not only in grasping the importance of corporate information security but also in realizing the extent of their consequences. The theoretical explanation does not allow them to realize the true power of information, and historical insight, linked to practical experience, will definitely raise the employees’ awareness.