*** Warrior Wednesday ***

Explore the concept of security awareness training for employees and its impact on preventing social engineering attacks.

What are the key elements of an effective security awareness program, and how can organizations measure its success?

Those are all good things to put into a security awareness program, generally...

...but...

*scoots out soapbox*

Requirements derived from a proper security analysis of one's environment are the first step. Every organization is unique and organic, so a security architect needs to consider the kinds of incidents that have been felt by an organization over the last 5-7 years and THEN build that Awareness program.

/r
 
The key elements of an effective security awareness program?

I'd start with the strategic goals and objectives of the organization.
An inventory of all of the organizational assets, especially the mission-critical assets.
A list of laws, regulations, and standards that are applicable to the organization's industry and the data they keep.
A cybersecurity framework, a risk management framework, and a controls framework.
SMART metrics and measurements to set standards and targets as well as to measure performance.

But if you want something quick, tell the users to quit clicking on links in emails. That will fix most issues if they pay attention and follow instructions.