Our organization has defined procedures for maintaining staff's cyber security awareness.These may include e.g. the following things:
Training should focus on the most relevant security aspects for each job role and include often enough the basics, which concern all employees:
The organization has developed guidelines for staff that define the acceptable use of various communication services and aim to prevent the disclosure of confidential information to, for example, a phisher or other third parties.
Personnel must have security guidelines that deal with e.g. the following topics:
Following security guidelines can be monitored either technically or directly by asking / testing employees.
If staff have conflicting goals with the security guidelines, they are unlikely to follow the guidelines.
The organization actively seeks to find poorly functioning guidelines and modify either the guidelines, tools or staff priorities to enable following the guidelines.