Security Awareness Training requirements
Any employees in scope for your audits and compliance frameworks need to complete Security Awareness Training. As a best practice, basic security awareness should be completed by all employees.
Secureframe’s Security Awareness training is meant to meet the standards for security awareness trainings across many frameworks, including but not at all limited to SOC 2, ISO 27001, NIST frameworks, and many more.
Depending on the frameworks you have chosen, a subset of your employees will also have to take specific role-based training.
Secureframe Training overview
Employees will watch a series of videos about important security awareness topics and then will be given questions to answer about the content they’ve viewed.
The current videos in Secureframe’s security awareness training include:
- Introduction to Phishing - Phishing is a cyberattack where attackers impersonate trusted entities to deceive individuals into revealing sensitive information like passwords or credit card details.
- How to Protect Against Phishing - To protect against phishing, always verify the sender's identity, avoid clicking on suspicious links, and report potential phishing emails to your IT or security team.
- Ransomware - Ransomware is a type of malicious software that encrypts files or locks users out of systems until a ransom is paid, often causing severe disruptions to businesses.
- Password Management - Strong passwords that are regularly updated and stored securely in a password manager are critical to protecting personal and organizational data.
- Multi-Factor Authentication - Multi-Factor Authentication (MFA) adds an extra layer of security by requiring a second verification step, such as a code sent to your phone, in addition to your password.
- Mobile Device Security - Mobile device security involves using strong passcodes, keeping software updated, and enabling remote wipe features to protect sensitive information in case of loss or theft.
- Misuse of Systems - The misuse of systems, such as accessing unauthorized data or resources, can lead to breaches, loss of trust, and significant security risks for an organization.
- Insider Threats - Insider threats involve employees or contractors misusing their access to systems, intentionally or unintentionally, to compromise an organization’s security or data.
- Information Spillage - Information spillage occurs when sensitive or classified data is accidentally disclosed or sent to unauthorized individuals, leading to potential data breaches or compliance violations.
Frequently Asked Questions (FAQ)
How long will this training take?
- Secureframe’s Security Awareness training course should not take an employee more than 30 minutes. This includes watching the videos and answering the quiz questions. If employees need to step away during the training, their progress will be saved as they go through each lesson.
What is required to pass this Security Training?
- After each video, the employee will be presented with one question. They must answer the question correctly to move on to the next video. If an answer is incorrect, they can try again.
- The employee will pass the training when all quiz questions are completed. Secureframe automatically tracks when an employee passes their security awareness training.
- Completed training modules are labeled on the employee training page.
Does Secureframe offer free Security Awareness Training?
- Yes, Secureframe offers free access to our Security Awareness Training for all Secureframe customers. This Security Training will help satisfy specific security requirements of most frameworks.
- You can access this training under Personnel Settings > Onboarding tab, then select 'Secureframe' as the vendor.
How do I enable/disable Security Awareness Training?
- As mentioned above, Security Awareness Training is included in all subscriptions. You simply need to make sure the right vendor is selected and enable training.
- Under Personnel, click the gear icon in the top right corner, then click on the Onboarding tab.
- Scroll down to Training, and make sure it is Enabled (or disable it).
- Select Secureframe under Vendor and also make sure to add the appropriate Assigned Groups.
The Employee Onboarding email takes me to the admin dashboard. How do I access the area where I complete Security training and policy review?
- If you are an Admin, most of your time will be spent in the Monitoring portion of the platform. If you need to complete your annual Security Training, review policies, etc., switch over to the Employee portion of the platform.
- To access the Employee section, click your avatar in the top right corner, then you will see an option for Employee Onboarding.
I have this Security Awareness Training (At Hire) test that is failing and it says "Empty personnel name?"
- If you are seeing this, it is most likely because a Security Awareness Training setting has not been selected.
- Head into Personnel, then click the gear icon, then the Onboarding tab, then scroll down to Training. You may need to enable Security Awareness Training (At Hire) and choose a vendor for it. If you plan to upload manual evidence for this test instead, that also satisfies the requirement.
- Please note that Security Awareness Training is free with Secureframe. Just choose us as a Vendor and you can use our integrated solution for testing.
We already have Security Awareness training taken care of. How can I disable it from Secureframe?
- If you already have an efficient approach in other applications, you can enable or disable Training from the onboarding screen.
- Instructions are provided here.
Is Secureframe’s Security Awareness training meant for any specific frameworks?
- Secureframe’s Security Awareness training is meant to meet the standards for security awareness trainings across many frameworks, including but not at all limited to SOC 2, ISO 27001, NIST frameworks, and many more.
- However, Secureframe’s Security awareness training also includes content for insider threat, anti-counterfeit, and information spillage trainings to meet the requirements as needed for NIST 800-53, NIST 800-171, CMMC, TX-RAMP, and FedRAMP.
- Check our Video Overview for the specific categories covered in our training series here.
We are not planning to invite users to the platform for a long time, how can I upload evidence now?
- Head to the Data Room, then Evidence folder, or create your own folder within the Data Room.
- Inside the folder, you can upload all the necessary evidence. From here, select the relevant employee for whom you are uploading the evidence.
- If you're uploading evidence for a user, mark the evidence type as "Security Training New Hire."
- To learn more, feel free to visit our Data Room.