This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
wiki:policies:security_training [2022/01/11 18:53] kholub |
wiki:policies:security_training [2023/09/28 21:07] kholub |
||
---|---|---|---|
Line 11: | Line 11: | ||
===== III. Security Awareness Training Policy ===== | ===== III. Security Awareness Training Policy ===== | ||
- | Nested Knowledge distributes security policies to all employees and contractors as part of their training. When policies are updated, we ensure that all employees have ready access to the most recent version. All employees with roles in incident response, data protection, or data recovery must sign off on the corresponding policy. We require all remote employees to review the remote access policy. | + | Nested Knowledge distributes security policies to all employees and contractors as part of their training. |
+ | |||
+ | When policies are updated, we ensure that all employees have ready access to the most recent version. All employees with roles in incident response, data protection, or data recovery must sign off on the corresponding policy. We require all remote employees to review the remote access policy. | ||
==== Developer Training ==== | ==== Developer Training ==== | ||
Line 17: | Line 19: | ||
Developers are expected to be familiar with common vulnerabilities in web applications, | Developers are expected to be familiar with common vulnerabilities in web applications, | ||
- | * All developers perform an annual review of the [[https:// | + | * All developers perform an annual review of the [[https:// |
- | * Each developer annually completes a randomly selected | + | * Each developer annually completes a randomly selected |
* Scenarios will be selected and assigned by the Technical Lead using our issue management software | * Scenarios will be selected and assigned by the Technical Lead using our issue management software | ||
* Each scenario includes a description of the threat, and testing methods. The developer inventories surface area, and performs a test/ | * Each scenario includes a description of the threat, and testing methods. The developer inventories surface area, and performs a test/ | ||
Line 40: | Line 42: | ||
^Author^Date of Revision/ | ^Author^Date of Revision/ | ||
|K. Cowie|12/ | |K. Cowie|12/ | ||
- | |K. Holub|1/11/2022|Added Dev Security Training Practices| | + | |K. Holub|1/25/2023|Updated |
+ | |||
+ | [[: | ||