mehedi15a posted on 2024-3-13 11:08:41

All members of the company, from the CEO

All members of the company, from the CEO to the lowest-ranking employees, are responsible for minimum cybersecurity. It's easy to get lost among so many acronyms. In any company, there are profiles such as security technician, information manager, etc., who are specialized in certain areas of security. For example:

- The CISO (Chief Information Security Officer) is the director of information security, who aligns security with the company's objectives.
- The CEO (Chief Executive Officer) is the executive director and ultimately responsible for the actions carried out within the company.
- The CSO (Chief Security Officer) is responsible for the company's security and has a business vision that understands the risks faced by the company, understands regulatory needs and is aware of changes in regulation, among other things.

But what about employee responsibility? On whom do the cybersecurity minimums depend? Minimum employee responsibility regarding cybersecurity is achieved through awareness. At Cibernos, we propose that your organization carry out cybersecurity awareness actions with the following objectives:

- Promote information security.
- Promote the ability to demonstrate due diligence of data controllers.
- Meet information security objectives related to human resources.
- Reduce the probability of suffering security incidents that lead to sanctions, economic losses, and reputational losses.
- Demonstrate to third parties the organization's commitment to the security of the information it processes.

The Cyber Awareness service is defined as an annual cycle, as described in the following diagram:

[Diagram: annual safety awareness cycle]

Evaluation of results: After the campaign, an evaluation of the results will be carried out based on the click rate and other behavioral criteria that give us an idea of the knowledge and risks to which the organization is exposed in this area, in order to immediately address those that are more serious.

Training: We will begin the training and awareness process in several ways: online training through simple videos, posters, advice, etc.


The organization of in-person talks may be optional. Each of these pills is used to convey useful information about information security and advice or good practices when handling corporate information. Some options are:

- Confidentiality of information and data protection.
- Supports.
- Job.
- Mobile devices.
- Cloud environment.
- Secure purchase on the internet.
- Email.

Posters: As part of the organization's awareness process, different types of graphic materials and posters will be distributed in different areas of the organization, especially in those where risks can be observed.

Frequently asked tips: After the attack has been carried out, and once they have been made aware of it and of the possible consequences it could have had if it had been real, the distribution by email of monthly tips that reinforce security awareness will begin.

Final attack: A phishing attack will be carried out again to see the evolution and improvement achieved compared to the initial attack.

Replanning: If desired, you can plan for the following year, carrying out a new targeted attack, and reactivating councils, training, etc.

