PR.AT-01.217

Does your organization regularly assess employees' cybersecurity awareness through testing or evaluation?

Explanation

Regular assessment of employee cybersecurity knowledge helps identify gaps in understanding and ensures staff can recognize and respond appropriately to security threats such as phishing and social engineering, and can follow data handling requirements. These assessments establish accountability and reinforce the importance of security practices in daily operations. Evidence could include documentation of recent cybersecurity quizzes, phishing simulation results, training completion records with assessment scores, or a formal schedule of security awareness testing with metrics showing participation rates and performance trends.

Implementation Example

Periodically assess or test users on their understanding of basic cybersecurity practices

ID: PR.AT-01.217

Context

Function
PR: PROTECT
Category
PR.AT: Awareness and Training
Sub-Category
Personnel are provided with awareness and training so that they possess the knowledge and skills to perform general tasks with cybersecurity risks in mind
