How to implement the control:
Answer yes if your organisation runs an information security training programme for all of your employees. Please outline the nature and frequency of the training programme in the notes section.
A large number of cyber security attacks involve manipulating or tricking your employees into taking an action that compromises your company’s security controls. This is called social engineering.
It is important to train your employees on good security practice and to help them recognise and report attacks. Training should cover the process for reporting an incident within the company, and this information should be continuously reinforced through a security awareness programme.