# Training

Training is a [[Foundational Capabilities|Human Resources]] capability and foundational dependency for [[Cybersecurity]].

Like other capabilities, cybersecurity scales through people. Because of this, training is an essential element in any organization seeking adversary resilience. More importantly, training is also a foundational pillar for many [[Compliance]] requirements. For this reason, an organization's training platform must be standards compliant to allow for any content to be posted and workers trained on what they need to know.

Additionally, training must be conducted to broadly increase the skills of the organization's workforce, which includes building cybersecurity and compliance skills. It is also common for cybersecurity and compliance training to be delegated to a Cybersecurity department through a center of excellence organizational model.

## Map

``` mermaid
<!-- element style="width:90%; height:auto" -->
graph TD
    subgraph two[Foundational]
        subgraph subPadding1[ ]
            direction LR
            F[Application Management]
            G[Asset Management]
            H[Backup and Recovery]
            I[Code Management]
            J[Data Management]
            K[Device Management]
            L[Domain Management]
            M[Email Management]
            N[Identity and Access Management]
            O[Log Management]
            P[Network Management]
            Q[Policy Automation]
            R[Stream Processing]
            S[Third Party Management]
            T[Training]
            F ~~~ G
            G ~~~ H
            H ~~~ I
            I ~~~ J
            K ~~~ L
            L ~~~ M
            M ~~~ N
            N ~~~ O
            P ~~~ Q
            Q ~~~ R
            R ~~~ S
            S ~~~ T
        end
    end

    %% Class Definitions
    %% =====================
    class two subPadding;
    classDef subPadding fill:none,font-size:20px;
    class subPadding1,subPadding2 subgraph_padding;
    classDef subgraph_padding stroke:none,fill:none,margin:0;
    class F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T internal-link,font-color:white;
    class Top cssClassL0;
    classDef cssClassL0 fill:black,stroke:#333,stroke-width:4px,font-size:15px,font-color:white;
    class A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T cssClassL1;
    classDef cssClassL1 fill:gray,stroke:#333,stroke-width:0px,font-size:15px,font-color:white;
    class T cssClassCurrent;
    classDef cssClassCurrent fill:#2f9503,stroke:#2f9503,stroke-width:4px,font-size:15px,font-color:white;
```

## Maturity Model

|               | Stage 1 | Stage 2               | Stage 3               | Stage 4 | Stage 5                                 |
| ------------- | ------- | --------------------- | --------------------- | ------- | --------------------------------------- |
| **Category**  |         | Workforce Training    | Executive Training    |         | Job Ladders<br><br>Standards Compliance |
| **Dependent** |         | [[Policy Management]] | [[Simulated Testing]] |         | [[Adversary Intelligence]]              |

## Requirements

This table contains the dependency requirements for Training to provide the foundational support for dependent Cybersecurity capabilities.

| Category | Guidance | Dependent Capability | Adversary Persona |
| -------- | -------- | -------------------- | ----------------- |
| Executive Training | + Ensure executives are included in the organization's training plans.<br>+ Provide format for effective and efficient executive training.<br>+ Ensure Legal reviews are included for any executive training. | [[Adversary Intelligence]] | [[Phishing]] |
| Job Ladders | + Ensure that job ladders clearly identify the cybersecurity skills required to support a job role.<br>+ Ensure a skill plan is established for every member of the workforce so that cybersecurity skills can be identified and acquired. | [[Adversary Intelligence]] | [[Phishing]] |
| Standards Compliance | + Ensure learning platform complies with content standards so that cybersecurity content can be added to training plans. | [[Adversary Intelligence]] | [[Phishing]] |
| Workforce Training | + Ensure annual training is completed for all members of the workforce to achieve compliance with regulatory obligations. | [[Adversary Intelligence]]<br><br>[[Policy Management]]<br><br>[[Simulated Testing]] | [[Phishing]] |

## Metrics

>[!cm-metric] Metric: [[Security Culture]]

>[!cm-metric] Metric: [[Click Rate]]

>[!cm-metric] Metric: [[Training Completion Rate]]

>[!cm-metric] Metric: [[Incident Reporting Rate]]

>[!cm-metric] Metric: [[Re-infection Rate]]

>[!cm-metric] Metric: [[Mean Time to Report]]

>[!cm-metric] Metric: [[Test Score]]

>[!cm-metric] Metric: [[% of Compliance with Standards]]

## Inspiration & Resources

+ [SANS Security Awareness Blog Post | Security Awareness Metrics – What to Measure and How](https://www.sans.org/blog/security-awareness-metrics-what-to-measure-and-how/)
+ [HR and Cybersecurity: Supporting Each Other in Challenging Times (isaca.org)](https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2021/hr-and-cybersecurity-supporting-each-other-in-challenging-times)
+ [HR’s Increasingly Important Role in Cyber Risk Management (marshmclennan.com)](https://www.marshmclennan.com/insights/publications/2020/july/hr-s-increasingly-important-role-in-cyber-risk-management.html)
+ [Integrating Cybersecurity into HR Practices: Building Resilient Organizations (eccu.edu)](https://www.eccu.edu/faculty/integrating-cybersecurity-into-hr-practices-building-resilient-organizations/)

## Release Notes

+ [[WIP - Q3 2024 Release#Document Foundational Capabilities and Develop Templates for sub-pages]]

## [Cyber City Map](https://cybercitymap.com/) © 2023-2024 by [ThirdScore, Inc.](https://thirdscore.com/) All Rights Reserved.