How to Evaluate the Maturity of Your Security Awareness Training
Transcript:
Every year you’re growing and maturing your security environment. How do you judge the maturity of your information security awareness training? To properly implement a security program that continues to grow with the security needs of your people, ask the following questions. What is your risk and threat environment? What are your compliance requirements? Have you done a knowledge and culture assessment? Have you done a behavior risk assessment? And ask yourself if you have a multilingual component. The answers to these questions will help you determine the maturity of your organization's security environment. As your organization grows more sophisticated and mature, so should your security awareness training. There are models such as SANS Security Awareness Maturity Model, which can assist in how you plan and track the maturity of your security awareness training. It helps you consider the following: Do you have a program? Are you compliance focused? Does it promote security awareness? Is it sustainable? Is it flexible as your requirements change? Work with KirkpatrickPrice to ensure that your security awareness program is capable of growing with your business and your people.
Every year you’re growing and maturing your security environment. How do you judge the maturity of your information security awareness training? To properly implement a security program that continues to grow with the security needs of your people, ask the following questions. What is your risk and threat environment? What are your compliance requirements? Have you done a knowledge and culture assessment? Have you done a behavior risk assessment? And ask yourself if you have a multilingual component. The answers to these questions will help you determine the maturity of your organization's security environment. As your organization grows more sophisticated and mature, so should your security awareness training. There are models such as SANS Security Awareness Maturity Model, which can assist in how you plan and track the maturity of your security awareness training. It helps you consider the following: Do you have a program? Are you compliance focused? Does it promote security awareness? Is it sustainable? Is it flexible as your requirements change? Work with KirkpatrickPrice to ensure that your security awareness program is capable of growing with your business and your people.
Related Videos
Creating a Data Flow Diagram
Creating a Network Diagram
Define a Password Reset Procedure to Authenticate Requests
Define the Boundaries of Your Systems
How To Build Workforce Awareness Around Incident Response
How To Govern the Use of Mobile Devices
Improve Your Security Policy With FBI CJIS
Maintain Logs for Audit Accountability
PCI Requirement 10.9 – Document Policies & Procedures for Monitoring Access to Network Resources
PCI Requirement 11.6 – Ensure Security Policies for Security Monitoring are Documented
PCI Requirement 12- Maintain a Policy that Addresses Information Security for All Personnel
PCI Requirement 12.1 & 12.1.1 – Establish, Publish, Maintain, and Disseminate a Security Policy
PCI Requirement 12.3 – Develop Usage Policies for Critical Technologies
PCI Requirement 12.3.1 – Explicit Approval by Authorized Parties
PCI Requirement 12.3.10 – Prohibit the Moving of Cardholder Data onto Local Hard Drives
PCI Requirement 12.3.2 – Authentication for Use of the Technology
PCI Requirement 12.3.3 – A List of All Such Devices and Personnel with Access
PCI Requirement 12.3.4 – A Method to Accurately Determine Owner, Contact Information, and Purpose
PCI Requirement 12.3.5 – Acceptable Uses of the Technology
PCI Requirement 12.3.6 – Acceptable Network Locations for the Technologies
PCI Requirement 12.3.7 – List of Company-Approved Products
PCI Requirement 12.4 – Ensure Security Policies & Procedures Define Responsibilities for All
PCI Requirement 12.5.1 – Establish, Document, and Distribute Security Policies and Procedures
PCI Requirement 12.6.2 – Require Personnel to Read and Understand Security Policies and Procedures
PCI Requirement 5.4 – Ensure Security Policies and Procedures are Known to all Affected Parties
PCI Requirement 6.7 – Ensure Policies & Procedures for Systems Are Documented, in Use & Known
PCI Requirement 9.10 – Ensure Policies for Restricting Physical Access to Cardholder Data are Known
Physical Security Policy in a Remote World
Prepare for a Formal Audit
Publish and Maintain an Information Security Policy
Quarterly Reviews of Your Security Program
The Components of a System Security Plan
The Importance of Following a Remote Access Policy
The Importance of Keeping Security Training Records
The Importance of a Perimeter Security Monitoring Policy
Use Alerts to Enforce Your Access Control Policy
Verify Internal Log Processes
