03) Do employees receive an information security training programme?
Written by Haydn Brooks
Created on March 18, 2019
Modified on September 3, 2020

Answer yes if your organisation runs an information security training programme for all of your employees. Please outline the nature and frequency of the training programme in the notes section.

A large number of cyber security attacks involve manipulating or tricking your employees into taking an action that compromises your company’s security controls. This is called social engineering.

It is important to train your employees in good security practice and to help them recognise and report attacks. Training should cover the process for reporting an incident within the company, and this information should be continuously reinforced through a security awareness programme.

How to implement the control:

There are a number of security training providers online who offer products and services to train your employees to spot and report cyber security incidents.

Examples include Immersive Labs and Bob’s Business.
