What business units have you collaborated with to develop/improve end-user security awareness training and what has been your experience?

Awareness & TrainingRisk Management
890 viewscircle icon2 Upvotescircle icon3 Comments
Sort by:
VP of IT in Manufacturing2 years ago

HR as they are primarily responsible for training. Secondly, plant OT team and then Sales and marketing team.
Any department which deals in confidential data, should be made aware of end user Cyber security awareness training.

Associate Vice President, Information Technology & CISO in Education2 years ago

One of the key stakeholders you want to engage with is HR. They will be able to support your plans to ensure cybersecurity awareness training is built into any performance objectives of the organization as well as ensure you can enforce any type of compliance (e.g. punitive in nature if a serious offense occurs).

Depending on the organization, you'll also want to engage the existing team that handles learning, training, awareness, and education aspects. Some places have a dedicated group, some have it within HR or marketing. Wherever it is, you'll want to work with them to ensure you have an aspect of cyber tied into what they are doing.

Good luck.

Lightbulb on2 circle icon1 Reply
no title2 years ago

Completely agree. We always leveraged HR and the IT team that developed all types of internal training.

Lightbulb on1

Content you might like

As organizations deploy LLMs and other AI systems, how do you recommend security teams address risks such as data leakage, prompt injection and adversarial manipulation? What frameworks or practices should be prioritized to make AI security programs resilient from day one?

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.
Has anyone implemented a "not relevant" risk tier in their model?
This tier would apply to vendors posing genuinely negligible security risk.

Have you found privileged access management more difficult than identity access management?

Much more difficult2%

Somewhat more difficult42%

Slightly more difficult22%

No difference17%

Slightly less difficult13%

Somewhat less difficult1%

Much less difficult

Unsure

View Results

Are you using GitOps in your organization?

Yes, we are GitOps mature19%

Yes, in some instances46%

No, we don't have a use-case for it20%

No, it's too expensive or cumbersome5%

No, and I'm unfamiliar with the term "GitOps"7%

View Results

How are you diversifying threat intelligence sources? Have you been able to reduce reliance on CISA for TI?