Many information security research analysts have indicated that the root cause of several security incidents experienced by organizations is their personnel. The analysts further indicate that many of the security incidents could have been prevented if involved personnel were sufficiently trained and aware of the implications of their actions.

Security awareness training is a key mechanism that should be employed by Responsible Entities to reduce the likelihood of experiencing security incidents, which is one reason why compliance initiatives requires that personnel having authorized cyber access or unescorted physical access to critical cyber assets must have an appropriate level of training and security awareness. Many compliance requirements further require that Responsible Entities must develop and implement a security awareness program that addresses concerns related to cyber security; a cyber security training program for affected personnel that addresses policies, access controls, procedures for the proper use of critical cyber assets, physical and electronic access to critical cyber assets, proper handling of asset information, and recovery methods after a cyber security incident; and a personnel risk assessment program for all personnel having access to critical cyber assets.

• Employees and business partners may be unaware of the ramifications their daily business activities may have on the security of cyber critical assets.
• Information breaches are often caused by unintentional employee activities.
• Security-responsible personnel may lack necessary skill set.
• Management wants to signal to employees, shareholders, and suppliers their commitment to operational security.

Encari trains your workforce to build awareness, develop skills, and exhibit appropriate behavior to protect information and critical cyber assets, respond adeptly to intrusions, and reduce the frequency and severity of security incidents.