Content library
Cyber security training
Ensuring coverage of relevant topics on personnel training and guidance processes
Personnel security
Cyber security training

Ensuring coverage of relevant topics on personnel training and guidance processes

Start free trial

Task description

Ensuring coverage of relevant topics on personnel training and guidance processes

The organisation should have a procedure for training and guidance of its personnel. These procedures should include and cover at least the following topics:

  • Information security policies.
  • Reporting of security incidents.
  • Response to malware incidents.
  • User account and login information policies (e.g., password policies).
  • Compliance with information security regulations.
  • Use of non-disclosure agreements (NDAs) when sharing sensitive information.
  • Use of external IT services.

The training program should identify specific groups of employees who require this training, such as administrators, those with access to customer networks, and manufacturing personnel.

The training concept must be approved by responsible management. Conduct training and awareness programs regularly and in response to specific events. Ensure that employees know who to contact for information security concerns.

Requirements connected to the task

13.1.f: Raise awareness
CER Directive
14.3: Train Workforce Members on Authentication Best Practices
CIS 18 controls
2.1.3: Staff training
TISAX: Information security

Other tasks from the same security theme

Task name
Priority
Policy
Other requirements
Staff guidance and training procedure in cyber security
Critical
High
Normal
Low
Cyber security training
88
requirements

Examples of other requirements this task affects

Članak 30.1.g: Kibernetičke higijene i osposobljavanje o kibernetičkoj sigurnosti
NIS2 Croatia
2.6: Ohjeet ja koulutus
TiHL tietoturvavaatimukset
9.11 §: Perustason tietoturvakäytännöt ja henkilöstön vastuu
Kyberturvallisuuslaki
9.2 §: Kyberturvallisuuden toimintaperiaatteet
Kyberturvallisuuslaki
9.6 §: Henkilöstöturvallisuus ja tietoturvakoulutus
Kyberturvallisuuslaki
See all related requirements and other information from tasks own page.
Go to >
Staff guidance and training procedure in cyber security
Training for support personnel
Critical
High
Normal
Low
Cyber security training
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Training for support personnel
Periodically reviewing training records
Critical
High
Normal
Low
Cyber security training
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Periodically reviewing training records
Regular review of staff training themes
Critical
High
Normal
Low
Cyber security training
2
requirements

Examples of other requirements this task affects

35A.3: Παρακολούθηση της εκπαίδευσης από την ανώτατη διοίκηση
NIS2 Cyprus
See all related requirements and other information from tasks own page.
Go to >
Regular review of staff training themes
Personnel security policy
Critical
High
Normal
Low
Cyber security training
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Personnel security policy
Developing and implementing policies and conducting training
Critical
High
Normal
Low
Cyber security training
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Developing and implementing policies and conducting training
Designate privacy personnel
Critical
High
Normal
Low
Cyber security training
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Designate privacy personnel
Conducting role-specific security awareness and skills training
Critical
High
Normal
Low
Cyber security training
1
requirements

Examples of other requirements this task affects

14.9: Conduct Role-Specific Security Awareness and Skills Training
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Conducting role-specific security awareness and skills training
Training workforce on identifying and reporting of missing security updates
Critical
High
Normal
Low
Cyber security training
1
requirements

Examples of other requirements this task affects

14.7: Train workforce on how to identify and report if their enterprise assets are missing security updates
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Training workforce on identifying and reporting of missing security updates
Training workforce on causes of unintentional data exposure
Critical
High
Normal
Low
Cyber security training
1
requirements

Examples of other requirements this task affects

14.5: Train Workforce Members on Causes of Unintentional Data Exposure
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Training workforce on causes of unintentional data exposure
Establishing and maintaining security awareness training
Critical
High
Normal
Low
Cyber security training
1
requirements

Examples of other requirements this task affects

14.1: Establish and Maintain a Security Awareness Program
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Establishing and maintaining security awareness training
Top management cyber security training
Critical
High
Normal
Low
Cyber security training
20
requirements

Examples of other requirements this task affects

31 § 2°: Formation des cadres supérieurs à la cybersécurité
NIS2 Belgium
14.7.: Kibernetinio saugumo mokymai
NIS2 Lithuania
Art. 23.2: Formazione in materia di sicurezza informatica
NIS2 Italy
14.2: Παρακολούθηση της κατάρτισης από την ανώτατη διοίκηση
NIS2 Greece
18.3: Taħriġ obbligatorju għall-maniġment
NIS2 Malta
See all related requirements and other information from tasks own page.
Go to >
Top management cyber security training
Arranging specific data protection training for personnel
Critical
High
Normal
Low
Cyber security training
1
requirements

Examples of other requirements this task affects

9.7.2: Employee data protection training
TISAX
See all related requirements and other information from tasks own page.
Go to >
Arranging specific data protection training for personnel
Ensuring coverage of relevant topics on personnel training and guidance processes
Critical
High
Normal
Low
Cyber security training
7
requirements

Examples of other requirements this task affects

2.1.3: Staff training
TISAX
14.3: Train Workforce Members on Authentication Best Practices
CIS 18
13.1.f: Raise awareness
CER
See all related requirements and other information from tasks own page.
Go to >
Ensuring coverage of relevant topics on personnel training and guidance processes
Maintaining a log of cyber security trainings
Critical
High
Normal
Low
Cyber security training
59
requirements

Examples of other requirements this task affects

Članak 29.b: Osposobljavanja
NIS2 Croatia
Članak 30.1.g: Kibernetičke higijene i osposobljavanje o kibernetičkoj sigurnosti
NIS2 Croatia
9.11 §: Perustason tietoturvakäytännöt ja henkilöstön vastuu
Kyberturvallisuuslaki
30 § 3.7°: Les pratiques et la formation en matière d'hygiène cybernétique
NIS2 Belgium
31 § 2°: Formation des cadres supérieurs à la cybersécurité
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Maintaining a log of cyber security trainings
Incorporating real-life security incidents in staff training
Critical
High
Normal
Low
Cyber security training
1
requirements

Examples of other requirements this task affects

4.4.4: Communicate and share findings with relevant stakeholders
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Incorporating real-life security incidents in staff training
Training the use of security systems and reporting of malware attacks
Critical
High
Normal
Low
Cyber security training
4
requirements

Examples of other requirements this task affects

7.2.2: Information security awareness, education and training
ISO 27001
12.2.1: Controls against malware
ISO 27001
12.2: Protection from malware
ISO 27001
8.7: Protection against malware
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Training the use of security systems and reporting of malware attacks
Training personnel with a changed role
Critical
High
Normal
Low
Cyber security training
9
requirements

Examples of other requirements this task affects

7.3: Termination and change of employment
ISO 27001
7.3.1: Termination or change of employment responsibilities
ISO 27001
PR.IP-11: Cybersecurity in human resources
NIST
6.5: Responsibilities after termination or change of employment
ISO 27001
PR.IP-11: Cybersecurity is included in human resources practices (deprovisioning, personnel screening…).
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Training personnel with a changed role
Regular unit-based cyber security communication
Critical
High
Normal
Low
Cyber security training
6
requirements

Examples of other requirements this task affects

7.2.2: Information security awareness, education and training
ISO 27001
CC2.2: Internal communication of information
SOC 2
PR.AT-1: All users are informed and trained.
CyberFundamentals
4.4.4: Communicate and share findings with relevant stakeholders
NSM ICT-SP
PR.AT-02: Individuals in specialized roles
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Regular unit-based cyber security communication
Evaluating the efficiency of arranged training
Critical
High
Normal
Low
Cyber security training
23
requirements

Examples of other requirements this task affects

Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicima
NIS2 Croatia
9.1 §: Toimien vaikuttavuuden arviointi
Kyberturvallisuuslaki
30 § 3.6°: L'efficacité des mesures de gestion des risques
NIS2 Belgium
14.5.7): Kibernetinio saugumo reikalavimų veiksmingumui
NIS2 Lithuania
Art. 24.2.f: Valutare l'efficacia delle misure di gestione del rischio di sicurezza informatica
NIS2 Italy
See all related requirements and other information from tasks own page.
Go to >
Evaluating the efficiency of arranged training
Arranging training and guidance during orientation (or before granting access rights)
Critical
High
Normal
Low
Cyber security training
42
requirements

Examples of other requirements this task affects

Članak 30.1.g: Kibernetičke higijene i osposobljavanje o kibernetičkoj sigurnosti
NIS2 Croatia
2.6: Ohjeet ja koulutus
TiHL tietoturvavaatimukset
9.11 §: Perustason tietoturvakäytännöt ja henkilöstön vastuu
Kyberturvallisuuslaki
2.1.3: Staff training
TISAX
4 §: Tiedonhallinnan järjestäminen tiedonhallintayksikössä
TiHL
See all related requirements and other information from tasks own page.
Go to >
Arranging training and guidance during orientation (or before granting access rights)
Reminding personnel about their cyber security responsibilities
Critical
High
Normal
Low
Cyber security training
24
requirements

Examples of other requirements this task affects

Članak 30.1.g: Kibernetičke higijene i osposobljavanje o kibernetičkoj sigurnosti
NIS2 Croatia
9.11 §: Perustason tietoturvakäytännöt ja henkilöstön vastuu
Kyberturvallisuuslaki
2.1.3: Staff training
TISAX
30 § 3.7°: Les pratiques et la formation en matière d'hygiène cybernétique
NIS2 Belgium
14.5.8): Kibernetinės higienos praktiką ir mokymus
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Reminding personnel about their cyber security responsibilities

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security