Security Awareness Training

One of the weakest links in an organization's security posture is not the technology that has been implemented, but the people who use it. Consequently, making sure that everyone within your organization is aware of basic information security practices, as well as your organization's policies and procedures, is of utmost importance. Without this security awareness training, even the best policies, procedures, practices and technology can be quickly defeated. Moreover, attackers are becoming more sophisticated, and advanced techniques that can cause ever-increasing damage are proliferating.

Our Solution

Design Compliance and Security partners with KnowBe4, a leading Security Awareness Training and Simulated Phishing Platform, as a managed service provider: we pair our know-how in operating an awareness program with their training content. The KnowBe4 Platform provides the following capabilities:

  • Train users on a variety of security topics to help your business become more secure
  • Test users through simulated phishing, vishing and USB-based attacks to determine how well the training is applied in practice
  • Automatically require remedial training for users that fail the simulated security tests

We add value to training programs by:

  • Meeting with you for an implementation setup consultation to configure your training and phishing campaigns
  • Working to manage, monitor and report on your training and phishing campaigns per your specifications
  • Offering a complimentary half-hour phone consultation quarterly with one of our security and compliance professionals

Awareness Applicability and Effectiveness

Security Awareness Training is such a vital component of an Information Security program that virtually all recognized security benchmarks and regulations include it:

  • NIST 800-53 (FISMA and FedRAMP)
  • SSAE 18 / SOC 1
  • SOC 2
  • SOX
  • PCI-DSS
  • HIPAA
  • ISO 27001/27002
  • GLBA
  • COBIT
  • NERC CIP
  • State Privacy Laws

Furthermore, a Security Awareness program can take many forms, some more effective than others:

Not Effective: Sending a link or PDF of your Information Security policies to everyone in the corporate address book.
Marginally Effective: Requiring everyone to acknowledge that they have read and agreed to your Information Security policies.
Decent: Requiring all employees and contractors to attend annual training courses that highlight the importance of Information Security policies.
Effective: Including interactive components within the annual training course to determine how well the material was absorbed.
Highly Effective: Testing employees and contractors on an ongoing basis for Security Awareness using phishing, vishing and other techniques, and requiring remediation training for those who fail a test, to reduce the likelihood of future problems.