Cyber Security Awareness Compliance
NIST: Security Awareness Training Pathways
Cyber security is now becoming a strategic element of corporate governance policies. Proper prevention against cyber attacks is a decisive factor for every company, whatever its size.
For this reason, the Cybersecurity Framework of the NIST (National Institute of Standards and Technology) represents a useful guide to support public and private organisations in managing risks related to information security.
One of the Core Functions of the NIST Framework (RESPOND) addresses the importance of developing a sound security culture across all personnel, regardless of the individual's responsibilities.
For this to happen, however, it is necessary to provide periodic, up-to-date training that treats the human factor as an essential element of prevention against cyber threats.
To meet this need, Cyber Guru offers training courses that provide all the tools you need to recognise cyber risks and adopt correct behaviours.
GDPR: Security Awareness to ensure compliance
The growing number of cyber threats and attacks has highlighted how necessary it is for any type of company to implement courses designed to raise its level of security. Compliance with the GDPR (General Data Protection Regulation) for the protection of personal data is part of this path, which concerns not only technologies but also processes and people.
The GDPR provides for mandatory training programmes that include not only specialist training for the main professional roles defined in the GDPR, but also broader training aimed at raising awareness among all employees of an organisation about the value of personal data protection and its conscious use.
It is for this reason that Cyber Guru’s training programmes focus on responsible use of the Internet to protect privacy and sensitive data.
The NIS Directive
In 2018, the European Directive 2016/1148 on the security of networks and information systems, better known as the NIS Directive, came into force.
All Essential Services Operators subject to the NIS Directive, and in particular their CISOs, are required to comply with the guidelines on risk management and on the prevention and mitigation of incidents that have a significant impact on the continuity and provision of essential services.
The guidelines for Essential Services Operators are based on the National Framework for Cybersecurity, which lists personnel training and awareness among its essential cyber security controls, to ensure that staff are properly informed and trained on cyber security risks and on the practices to be adopted.