Security Awareness and Training Policy

Netspective Unified Process
 

The Security Awareness and Training Policy defines the information security awareness program and training for staff, third parties, and customers of the Member Organization. The policy requires Netspective Communications LLC to train its employees on securely operating the Netspective Communications LLC systems and implementing information security controls. [FII-SCF-023-SAT-01]

Security Awareness

Netspective Communications LLC policy requires providing up-to-date and comprehensive security reminders and awareness training to its entire workforce, at least once every six months or during onboarding for any new employee.

  • Netspective Communications LLC will develop and distribute security awareness programs periodically. These programs will cover security best practices, notification of potential threats, possible viruses, and reminders for reporting potential security incidents.
  • Netspective Communications LLC will use various delivery methods, such as email, newsletters, videos, and boards, to deliver these programs. All employees will be required to view security training media when offered and may need to take a test on security issues.
  • Security awareness sessions will cover various topics, including the definition and importance of security, phishing, malware, and other attacks, security policies, information security controls and processes, significant risks to information systems and data, security best practices, legal and business responsibilities related to information security, new information security controls, changes in significant security controls, changes in information security legal or business responsibilities, new threats or risks that arise against Netspective Communications LLC, changes in the Privacy and Rules of regulations, security dos and don’ts, and the role of individuals in protecting information assets.

Security Training

  • Netspective Communications LLC will ensure that all its employees who access, receive, transmit or otherwise use information assets have received appropriate security training. The training will cover security policies and procedures, individual security responsibilities, common security threats and vulnerabilities, dismissal policy, confidentiality, integrity, and availability, and risk management.

  • Employees who set up, manage or maintain systems and workstations will also receive training on password structure and management procedures, security procedures for server, desktop computer, and mobile computer systems, including security patch and update procedures and virus and malicious code procedures, email management, security by design during software development, coding guidelines, OWASP, penetration testing methods, security tools, effective usage of network, device, and media control procedures, and incident response and reporting procedures.


Approved by Ajay Kumaran Nair on June 13, 2023
Last Updated by Sreejith K on June 13, 2023