Controls

Terug naar overzicht
Version

SB.8.010 Secure behavior

Human Resource Security
Low
Low
Low
Organisation
v2.0 (Q1 2024)

Description

The organisation has a coherent awareness program that identifies the knowledge relevant to information security various stakeholders must have, the ways to measure the current level of knowledge, and includes planning and organisation of interventions to maintain and increase the knowledge to desired levels.

Specification

Awareness programs cover: appropriate handling of information, how to detect and respond to potential incidents, secure working practices, information security policies.

Simulated attacks, such as phishing emails, can be used to measure awareness and as a form of intervention to improve knowledge at the same time. Training is given at least once during onboarding of new hires and periodically depending on the role and risks involved. Secure working training is, as much as feasible, tailored to the target audience.

Training is given at least once during onboarding of new hires and periodically depending on the role and risks involved. Secure working training is, as much as feasible, tailored to the target audience.