Cybersecurity Awareness (CS1010)


Description

Employee training is part of the risk assessment tools from the FFIEC and NIST. For instance, the FFIEC’s Cybersecurity Maturity Assessment Process includes Domain 1: Cyber-Risk Management and Oversight, which states that “cyber-risk management and oversight addresses the board of directors' (board's) oversight and management's development and implementation of an effective enterprise-wide cybersecurity program with comprehensive policies and procedures for establishing appropriate accountability and oversight.”

A key part of cyber-risk management and oversight is “training and culture,” which includes the institution’s “employee training and customer awareness programs contributing to an organizational culture that emphasizes the mitigation of cybersecurity threats.” The NIST cybersecurity framework also includes protecting against cyber threats through cyber awareness and training.

Cyber-threat training and awareness programs should be structured to modify or even change behavior for some employees. For instance, employees may click on malicious email links without evaluating the risk embedded in the link. Awareness training should reinforce how to avoid clicking on malicious links and procedures for reporting the fraudulent email.

To assist bankers with the training and awareness component of their cybersecurity risk management program, this course focuses on methods for developing and administering an in-house cybersecurity training and awareness program. Although there are third-party vendors that can assist with this type of program, it is the responsibility of management and the board to have an effective in-house training and awareness program in place.

Content
  • Cybersecurity Awareness Course Overview
  • Learning Objectives
  • Identify Your Cyber Risks
  • Establish Cybersecurity Policies
  • Establish User Roles and Responsibilities
  • Communicate Institution’s Cybersecurity Commitment
  • Glossary
  • Review Questions
  • Review Questions with Answers
  • Assessment Questions
  • Course Evaluation
Completion rules
  • All units must be completed
  • Leads to a certification with a duration: Forever