CSW S1, E33 - What Is Security Awareness Training and Why Is It Important?

Fred Cobb – CISO and VP of Services, InfoSystems

Rob Ashcraft – Sr. Cyber Security Strategist

This episode of the Cybersecurity Weekly Podcast is Part 17 of our series on the Center for Internet Security Top 20 Controls. Here's a quick list of where we're at:

Basic CIS Controls 1-6
Foundational CIS Controls 7-16
Organizational CIS Controls
17. Implement a Security Awareness and Training Program

In this episode, Fred and Rob discuss the first Organizational CIS Control, Implement a Security Awareness and Training Program. This control is used to develop and execute a plan for a security awareness and training program, and it is useful for those at all levels of an organization. Implementing a Security Awareness and Training Program is most impactful when a company has already taken action on the first 16 CIS Controls (following the CIS Top 20 Cybersecurity Controls).

As a human being, you're prone to making mistakes, especially when a situation involves strong emotions, urgency, or being uninformed. Cyber attackers know this and use it to their advantage. After all, this is when people are most vulnerable to being influenced or coerced. This is why security awareness training is so important. Not only are employees at all levels educated on how to watch for attacks, but they are also educated on cybersecurity, which helps foster a culture of security. But you can think logically, act without urgency, be informed, and still fall prey to a cyber attack, especially if you haven't invested in closing gaps within your organization's systems, processes, and operations. Your organization needs to look at and analyze any gaps while also training employees. Security needs to be a multi-layered approach.

Tools such as the KnowBe4 Security Awareness Training and KnowBe4 Enterprise Awareness Training Program can make the difference between a successful cyber-attack and an attempted cyber-attack. KnowBe4 is a trusted technology partner of InfoSystems. More than that, we utilize the KnowBe4 training program because of its simple, focused approach.

You can implement these CIS controls yourself, but it may cost you a substantial amount of time, money, and effort. There are Cybersecurity experts who specialize in getting these controls set up for hundreds of organizations.

Listen to the full episode to learn how your business can begin following the Center for Internet Security Top 20 Controls and make your company more secure.

More Information
We'd love to hear your feedback. If you have any questions, you can text us at 423-697-9528 or email marketing@infosystems.biz.

This episode discusses Control 17 of the CIS (Center for Internet Security) "Top 20 Controls." The Top 20 Controls are a set of prioritized best practices designed to help organizations protect themselves from cyber-attacks. It is a framework for every organization, whether you have a full department of IT support or don't have security programs or measures in place. You can learn more about the 20 CIS Controls here.

See the breakdown of these CIS Controls' Sub-Controls here.

Discover how other organizations are using these controls here.

Download the CIS Controls for more details on implementing this and the other 19 Controls here.