15Awareness and Training (PR.AT)

Cultivating a culture of cybersecurity awareness is akin to arming every individual with the knowledge and tools to act as both shield and sentinel, transforming the collective workforce into a formidable line of defense against the ceaseless tide of cyber threats.

In cybersecurity, the imperative of equipping all personnel with the necessary awareness and skills cannot be understated. This is achieved by establishing comprehensive cybersecurity awareness and training programs as the foundation for cultivating a vigilant and informed workforce. These programs are meticulously designed to integrate fundamental cybersecurity practices into the fabric of general training sessions, utilizing interactive methods to foster engagement and enhance the learning experience. With the landscape of cyber threats constantly evolving, the curriculum undergoes regular updates to reflect the latest emerging threats and trends. Moreover, the initiative extends beyond mere training, embedding a culture of security throughout the organization through mandatory sessions for all employees, continuous awareness campaigns, and a structured feedback system to assess these programs’ effectiveness, laying the groundwork for ongoing improvement in cybersecurity practices.

PR.AT-01: Personnel Are Provided with Awareness and Training So That They Possess the Knowledge and Skills to Perform General Tasks with Cybersecurity Risks in Mind

Cybersecurity awareness and training ...

Get A Comprehensive Guide to the NIST Cybersecurity Framework 2.0 now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.