ITM Tech Cybersecurity Essentials Booklet - Flipbook - Page 33
14.1 Establish and Maintain a Security Awareness Program (Asset Type: N/A; Security Function: Protect)
14.2 Train Workforce Members to Recognise Social Engineering Attacks (Asset Type: N/A; Security Function: Protect)
14.3 Train Workforce Members on Authentication Best Practices (Asset Type: N/A; Security Function: Protect)
14.4 Train Workforce on Data Handling Best Practices (Asset Type: N/A; Security Function: Protect)
14.5 Train Workforce Members on Causes of Unintentional Data Exposure (Asset Type: N/A; Security Function: Protect)
14.6 Train Workforce Members on Recognising and Reporting Security Incidents (Asset Type: N/A; Security Function: Protect)
14.7 Train Workforce on How to Identify and Report if Their Enterprise Assets are Missing Security Updates (Asset Type: N/A; Security Function: Protect)
14 - Security Awareness and Skills Training
Safeguards Total: 9
IG1: 8/9
IG2: 9/9
IG3: 9/9
Establish and maintain a security awareness program to influence behavior
among the workforce to be security conscious and properly skilled to
reduce cybersecurity risks to the enterprise.
Why Is This CIS Control Critical?
The actions of people play a critical part
in the success or failure of an enterprise’s
security program. It is easier for an attacker
to entice a user to click a link or open an
email attachment to install malware in
order to get into an enterprise, than to find
a network exploit to do it directly.
Users themselves, both intentionally and
unintentionally, can cause incidents as
a result of mishandling sensitive data,
sending an email with sensitive data to the
wrong recipient, losing a portable end-user
device, using weak passwords, or using the
same password they use on public sites.
No security program can effectively
address cyber risk without a means
to address this fundamental human
vulnerability. Users at every level of
the enterprise have different risks. For
example: executives manage more
sensitive data; system administrators have
the ability to control access to systems and
applications; and users in finance, human
resources, and contracts all have access to
different types of sensitive data that can
make them targets.
CONTROL 14
THE SAFEGUARDS
The training should be updated regularly.
14.8 Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks (Asset Type: N/A; Security Function: Protect)
14.9 Conduct Role-Specific Security Awareness and Skills Training (Asset Type: N/A; Security Function: Protect)
1 = Asset Type
2 = Security Function
3 = Implementation Group 1
4 = Implementation Group 2
5 = Implementation Group 3
Did You Know?
90% of U.S. organisations required or requested most of their users to work from home in
2020; however, only 29% train their employees about best practices for working remotely.
We can get your team access to some of the best End-User Cybersecurity training available.