I often write about security awareness training, but it bears repeating periodically. Security awareness training is required by some standards – the PCI DSS is pretty specific about requiring it. Security awareness training for the general employee population on at least an annual basis is a good idea. More technical training for IT or application developers is also a good idea.
There’s some excellent training available these days. We’ve developed our own program that we offer clients for employee security awareness training. We’ve also partnered with organizations to provide specific technical training/LMS.
Our Incident Response/Forensic Practice provides training – First Responder training.
Having a well-trained team of employees, from the receptionist to the IT CIRT team, can only help safeguard against the extremely sophisticated attacks that hacker groups are mounting so frequently these days. And, of course, include all levels within the organization. Sometimes the least “information security aware” employees are among the highest ranking in the organization.
Sr. Account Executive