Security Awareness Program
Awareness programs:
Employee awareness programs are designed to protect an organisation's assets from security threats that affect the Confidentiality, Integrity, and Availability (CIA) of those assets. Training employees will reduce the attack surface, because system users learn how to react to security-related issues such as spam emails with malicious files or links, what to do at the time of a security event, and so on. Awareness programs can be customized based on employees’ awareness maturity and/or focused on specific areas based on roles, such as remote employees’ awareness training, phishing awareness, fundamental awareness training, and ransomware awareness training. Awareness programs are result-oriented and save organisation resources. They can be automated and tracked for maturity with awareness automation tools.
Example: KnowBe4
NZISM information security awareness and training programs are designed to help system users:
1. become familiar with their roles and responsibilities
2. understand any legislative or regulatory mandates and requirements
3. understand any national or agency policy mandates and requirements
4. understand and support security requirements
5. assist in maintaining security, and learn how to fulfil their security responsibilities
(Source: NZISM; Security_Awareness_and_Training-V.3.6)