Part of the Cyber Maturity series of articles, this section focuses on the User Education and Awareness.
Quoting the 10 Steps to Cyber Security Guidance Sheets:
Unfortunately the use made by employees of an organisation’s Information and Communications Technologies (ICT) brings with it various risks. It is critical for all staff to be aware of their personal security responsibilities and the requirement to comply with corporate security policies. This can be achieved through systematic delivery of a security training and awareness programme that actively seeks to increase the levels of security expertise and knowledge across the organisation as well as a security- conscious culture.
The specific recommendations are:
- Produce a user security policy
- Establish a staff induction process
- Maintain user awareness of the cyber risks faced by the organisation
- Support the formal assessment of Information Assurance (IA) skills
- Carry out pre-employment screening
- Monitor the effectiveness of security training
- Promote an incident reporting culture
- Establish a formal disciplinary process
What are your experiences in this area? How are you managing these controls?
Please share with the community in the comments area below.
Where is good practice referenced? Please let the community know in the comments area below.
The pages referenced in this series of blog articles are derived from the 10 Steps to Cyber Security Guidance Sheets published by BIS and GCHQ in this press release.
The documents are Crown Copyright and used here with permission under the government open license.