:star: G17 Security Training (:checkered_flag: G17-3 Implement a security…
:star: G17 Security Training
Perform gap analysis to see which skills employees need and which behaviors employees are not adhering to, using this information to build a baseline training and awareness roadmap for all employees.
Deliver training to fill the skills gap. If possible, use more senior staff to deliver the training. A second option is to have outside teachers provide training onsite so the examples used will be directly relevant. If you have small numbers of people to train, use training conferences or online training to fill the gaps.
Implement a security awareness program that
1) focuses only on the methods commonly used in intrusions that can be blocked through individual action,
2) is delivered in short online modules convenient for employees,
3) is updated frequently (at least annually) to represent the latest attack techniques,
4) is mandated for completion by all employees at least annually,
and 5) is reliably monitored for employee completion.
Validate and improve awareness levels through periodic tests to see whether employees will click on a link from a suspicious e-mail or provide sensitive information on the telephone without following appropriate procedures for authenticating a caller; targeted training should be provided to those who fall victim to the exercise.
Use security skills assessments for each of the mission-critical roles to identify skills gaps. Use hands-on, real-world examples to measure mastery. If you do not have such assessments, use one of the available online competitions that simulate real-world scenarios for each of the identified jobs to measure skills mastery.