Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.
Employees shall be trained as appropriate.
Guidance
- Employees include all users and managers of the ICT/OT systems, and they should be trained
immediately when hired and regularly thereafter about the company’s information security policies
and what they will be expected to do to protect company’s business information and technology.
- Training should be continually updated and reinforced by awareness campaigns.
The organization shall incorporate insider threat recognition and reporting into security
awareness training.
Guidance
Consider to:
- Communicate and discuss regularly to ensure that everyone is aware of their responsibilities.
- Develop an outreach program by gathering in a document the messages you want to convey to your
staff (topics, audiences, objectives, etc.) and your communication rhythm on a calendar (weekly,
monthly, one-time, etc.). Communicate continuously and in an engaging way, involving management,
IT colleagues, the ICT service provider and HR and Communication managers.
- Cover topics such as: recognition of fraud attempts, phishing, management of sensitive information,
incidents, etc. The goal is for all employees to understand ways to protect company information.
- Discuss with your management, your ICT colleagues, or your ICT service provider some practice
scenarios (e.g. what to do if a virus alert is triggered, if a storm cuts off the power, if data is blocked,
if an account is hacked, etc.), determine what behaviours to adopt, document and communicate
them to all your staff. The central point of contact in the event of an incident should be known to all.
- Organize a simulation of a scenario to test your knowledge. Consider performing the exercise for
example at least once a year.
The organization shall implement an evaluation method to measure the effectiveness of the
awareness trainings.
Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.
Employees shall be trained as appropriate.
Guidance
- Employees include all users and managers of the ICT/OT systems, and they should be trained
immediately when hired and regularly thereafter about the company’s information security policies
and what they will be expected to do to protect company’s business information and technology.
- Training should be continually updated and reinforced by awareness campaigns.
The organization shall incorporate insider threat recognition and reporting into security
awareness training.
Guidance
Consider to:
- Communicate and discuss regularly to ensure that everyone is aware of their responsibilities.
- Develop an outreach program by gathering in a document the messages you want to convey to your
staff (topics, audiences, objectives, etc.) and your communication rhythm on a calendar (weekly,
monthly, one-time, etc.). Communicate continuously and in an engaging way, involving management,
IT colleagues, the ICT service provider and HR and Communication managers.
- Cover topics such as: recognition of fraud attempts, phishing, management of sensitive information,
incidents, etc. The goal is for all employees to understand ways to protect company information.
- Discuss with your management, your ICT colleagues, or your ICT service provider some practice
scenarios (e.g. what to do if a virus alert is triggered, if a storm cuts off the power, if data is blocked,
if an account is hacked, etc.), determine what behaviours to adopt, document and communicate
them to all your staff. The central point of contact in the event of an incident should be known to all.
- Organize a simulation of a scenario to test your knowledge. Consider performing the exercise for
example at least once a year.
The organization shall implement an evaluation method to measure the effectiveness of the
awareness trainings.
In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.
In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.
Sets the overall compliance standard or regulation your organization needs to follow.
.svg)
.svg)
.svg)
Break down the framework into specific obligations that must be met.
.svg)
Concrete actions and activities your team carries out to satisfy each requirement.
Documented rules and practices that are created and maintained as a result of completing tasks.
