Summer Regulatory Summit eBook

Additional Considerations

• Control (Governance - Training):
  o What information security awareness training, specific to passwords, has been implemented at the Organization? What testing is performed to validate the effectiveness of that training?
• Recommendation:
  o The Organization should ensure password training is integrated within the overall Information Security Awareness Training Program, specifically addressing password complexity and strength, phishing awareness, use of password managers, social engineering tactics, and regular training and refreshers.
  o Additionally, the Organization should regularly assess user knowledge through both education and practical exercises.

© SBS CyberSecurity, LLC www.sbscyber.com
