Is security awareness training on recognizing and reporting potential indicators of insider threat provided to managers and employees?
Do you deploy an organizational employee awareness plan focused on recognizing and responding to threats from social engineering, advanced persistent threat actors, breaches, and suspicious behaviors, and update the training at least annually or when there are significant changes to the threat?
Does your awareness plan include scenarios specific to your business?
Do you collect employee feedback and training results and adjust accordingly?
Do all employees receive security training on an annual basis?
Do employees with security-related duties receive annual security training on their roles and responsibilities?