Cyber Security Awareness Compliance
NIST: Security Awareness training courses
Cyber Security is now becoming a strategic element in corporate governance policies. The importance of proper prevention against cyber attacks is a determining factor for any company, whatever its size.
For this reason, the NIST (National Institute of Standards and Technology) Cybersecurity Framework is a useful guide to support public and private organisations in managing cyber security risks.
One of the NIST Framework's Core Functions (RESPOND) deals with the importance of developing a proper security culture in all personnel, regardless of the individual's responsibilities.
For this to happen, however, it is necessary to provide regular and up-to-date training that addresses the human factor as an essential element in preventing cyber threats.
To meet this need, Cyber Guru proposes training courses that provide all the tools needed to recognise cyber risks and adopt the correct behaviour.
GDPR: Security Awareness to be compliant
The increasing number of cyber threats and attacks has highlighted how necessary it is for any type of company to implement programmes aimed at increasing the level of security. Compliance with the GDPR (General Data Protection Regulation) for the protection of personal data is part of this effort, which concerns not only technologies but first and foremost processes and people.
The GDPR provides for obligatory training programmes that take into account not only the specialised training for the main professional figures envisaged in the GDPR, but also broader training geared towards making all employees of an organisation aware of the value of personal data protection and of the conscious use of personal data.
It is for this reason that Cyber Guru's training programmes focus on the responsible use of the Internet to safeguard privacy and protect sensitive data.
The NIS Directive
In 2018, the European Directive 2016/1148 on Network and Information System Security, better known as the NIS Directive, came into force.
All Essential Service Operators subject to the NIS Directive, and in particular their CISOs, are required to comply with the guidelines for risk management, prevention and mitigation of incidents that have a major impact on the continuity and delivery of essential services.
The guidelines for Essential Service Operators are based on the National Cybersecurity Framework, which includes among the essential Cyber Security controls the training and awareness of personnel, so that they are adequately sensitised and trained on Cyber Security risks and practices.