Establish, document, approve, communicate, apply, evaluate and maintain a security awareness training program for all employees of the organization and provide regular training updates.
Security awareness training should educate personnel about their responsibilities and the necessary means for securing corporate assets. Security awareness training should consider the roles and responsibilities of organizational members. Training may include a test to measure personnel’s understanding of the responsibilities and protections required to secure corporate assets. This evaluation may be used to improve training and verify that relevant knowledge transfer occurs. Additionally, a training attendance registry should be maintained.
- Examine the security awareness training program for adequacy, currency, communication, and effectiveness.
- Verify, by interviews or otherwise, that the training program has been implemented.
- Verify that the scope of the training program extends to all employees.
- Examine policy and procedures for evidence of review.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Controls Matrix is Copyright 2023 Cloud Security Alliance.