Nested Knowledge

Bringing Systematic Review to Life

wiki:policies:security_training

Differences

This shows you the differences between two versions of the page.

wiki:policies:security_training [2022/01/11 18:53]
kholub
wiki:policies:security_training [2024/04/12 17:15] (current)
kholub
Line 11: Line 11:
 ===== III. Security Awareness Training Policy ===== ===== III. Security Awareness Training Policy =====
  
-Nested Knowledge distributes security policies to all employees and contractors as part of their training. When policies are updated, we ensure that all employees have ready access to the most recent version. All employees with roles in incident response, data protection, or data recovery must sign off on the corresponding policy. We require all remote employees to review the remote access policy.+Nested Knowledge distributes security policies to all employees and contractors as part of their training. Training includes a quiz on the content of each policy. Training is conducted annually, for all policies relevant to an employees job duties. 
 + 
 +When policies are updated, we ensure that all employees have ready access to the most recent version. All employees with roles in incident response, data protection, or data recovery must sign off on the corresponding policy. We require all remote employees to review the remote access policy. 
 + 
 +^Training^Delivered to| 
 +|Acceptable Use of IT Resources|All| 
 +|Incident Response|Incident Response Team| 
 +|Cloud Security|Development Team| 
 +|Information Security|All| 
 +|Wireless Connection|All| 
 +|Secure Development|Development Team| 
 +|Disaster Recovery |Executive Team| 
 +|Security Awareness|All| 
 +|GDPR Compliance|All| 
 +|Remote Access|All|
  
 ==== Developer Training ==== ==== Developer Training ====
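Review bot: in the added paragraph at line 11, "an employees job duties" needs the possessive ("an employee's job duties"), and the comma after "annually" is unnecessary. In the new table, the row "|Disaster Recovery |Executive Team|" carries a stray space before the cell delimiter that the other rows do not have; drop it so the cells render consistently.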
Line 17: Line 31:
 Developers are expected to be familiar with common vulnerabilities in web applications, how to detect them, and how to mitigate them. To standardize this expectation, [[https://owasp.org/|OWASP]] modules & guidelines are trained. Specifically: Developers are expected to be familiar with common vulnerabilities in web applications, how to detect them, and how to mitigate them. To standardize this expectation, [[https://owasp.org/|OWASP]] modules & guidelines are trained. Specifically:
  
-  * All developers perform an annual review of the [[https://owasp.org/www-project-top-ten/|OWASP Top 10]]and communicate +  * All developers perform an annual review of the [[https://owasp.org/www-project-top-ten/|OWASP Top 10]] and pass a practical quiz relating to vulnerabilities within. 
-  * Each developer annually completes a randomly selected scenario from the [[https://owasp.org/www-project-web-security-testing-guide/v42/2-Introduction/|OWASP Web Security Testing Guidelines (WSTG)]] on the Nested Knowledge software+  * Each developer annually completes a randomly selected test from the [[https://owasp.org/www-project-web-security-testing-guide/v42/2-Introduction/|OWASP Web Security Testing Guidelines (WSTG)]] on the Nested Knowledge software
       * Scenarios will be selected and assigned by the Technical Lead using our issue management software       * Scenarios will be selected and assigned by the Technical Lead using our issue management software
       * Each scenario includes a description of the threat, and testing methods. The developer inventories surface area, and performs a test/penetration in a development environment, as applicable.       * Each scenario includes a description of the threat, and testing methods. The developer inventories surface area, and performs a test/penetration in a development environment, as applicable.
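Review bot: the parent bullet was changed from "a randomly selected scenario" to "a randomly selected test", but the two sub-bullets beneath it still read "Scenarios will be selected and assigned" and "Each scenario includes a description of the threat"; either change those to "test" as well or keep "scenario" in the parent bullet, so the terminology is consistent across the list.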
Line 40: Line 54:
 ^Author^Date of Revision/Review^Comments| ^Author^Date of Revision/Review^Comments|
 |K. Cowie|12/15/2021| | |K. Cowie|12/15/2021| |
 +|K. Holub|4/12/2024|Adding listing of all current policies|
 +
 +[[:wiki:policies|Return to Policies]]
  
  
wiki/policies/security_training.1641927201.txt.gz · Last modified: 2022/01/11 18:53 by kholub