Does your organization require annual refresher training for all employees to reinforce existing security practices and introduce new ones?
Explanation
Regular security refresher training ensures employees maintain awareness of security policies, procedures, and best practices while also introducing them to emerging threats and countermeasures. Annual refreshers help combat the natural decay of security knowledge over time and ensure staff are updated on new security requirements or organizational changes.
Evidence of compliance could include training completion records, annual training calendars, training content/materials showing both reinforcement of existing practices and introduction of new security concepts, or reports showing completion rates across departments.
Implementation Example
Require annual refreshers to reinforce existing practices and introduce new practices
ID: PR.AT-02.222
Context
- Function
- PR: PROTECT
- Category
- PR.AT: Awareness and Training
- Sub-Category
- Individuals in specialized roles are provided with awareness and training so that they possess the knowledge and skills to perform relevant tasks with cybersecurity risks in mind
Related questions
- Does your organization provide cybersecurity awareness and training to all users with access to non-public resources?
- Does your organization provide comprehensive security awareness training that covers social engineering recognition, attack reporting procedures, acceptable use policies, and basic cyber hygiene practices?
- Does your organization clearly communicate the consequences of cybersecurity policy violations to all employees and stakeholders?
- Does your organization regularly assess employees' cybersecurity awareness through testing or evaluation?
- Does your organization require annual refresher training for all employees to reinforce existing security practices and introduce new ones?
- Has the organization identified specialized roles that require additional cybersecurity training beyond the baseline security awareness program?

