PR.AT-01.214

Does your organization provide cybersecurity awareness and training to all users with access to non-public resources?

Explanation

Cybersecurity awareness training helps users recognize and respond appropriately to security threats like phishing, social engineering, and data handling requirements. This training should be provided to all individuals with access to sensitive information, including employees, contractors, partners, and suppliers, as they all represent potential security vulnerabilities if not properly educated. Evidence could include training materials, attendance records, completion certificates, training schedules, or screenshots of your learning management system showing cybersecurity courses assigned to different user types. An annual training calendar or policy document outlining training requirements for different user categories would also serve as supporting evidence.

Implementation Example

Provide basic cybersecurity awareness and training to employees, contractors, partners, suppliers, and all other users of the organization's non-public resources

ID: PR.AT-01.214

Context

Function: PR: PROTECT
Category: PR.AT: Awareness and Training
Sub-Category: Personnel are provided with awareness and training so that they possess the knowledge and skills to perform general tasks with cybersecurity risks in mind

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub