The Cyberspace Security Talent Education Alliance of China
The Cyberspace Security Talent Education Alliance of China (hereinafter referred to as the Education Alliance) was jointly initiated and established by more than 80 universities and scientific research institutions, enterprises and public institutions, and government institutions engaged in the cyberspace security industry in China, with the support and guidance of the China Industry-University-Research Institute Collaboration Association and under the leadership of Academician Binxing Fang (the convenor of the first-level discipline of cyberspace security in the Ministry of Education). The Education Alliance aims to act as a bridge and link: to organize and mobilize relevant institutions in the field of cybersecurity, to carry out talent education, training, cultivation, certification and employment, and to explore a scientific and feasible network personnel training model, in support of the development of national cyberspace security.
The necessity of training security awareness professionals
According to Gartner’s latest projections, released in July, 60 percent of large organizations will have comprehensive security awareness training programs by 2022, with at least one full-time person responsible for security awareness. However, Chinese government and enterprise organizations generally have not set up full-time security awareness positions; IT/security departments usually reassign relevant personnel temporarily to carry out security awareness work in stages, to meet compliance or supervisory requirements. Moreover, security awareness personnel often lack scientific, systematic methodological guidance and have limited time and energy to invest, and the promotion of security awareness work meets with resistance and with low enthusiasm and participation from employees. As a result, security awareness cannot be effectively communicated and instilled into the daily work of every employee so as to influence employee behavior. In the practice of enterprise internal security management, many enterprises focus on “technical defense”, putting most of the security budget and resources into the procurement and deployment of software/hardware security solutions, and selectively ignore “civil defense” or have no budget to invest in it. In fact, “civil defense” and “technical defense” are equally important, and the problems that security technology can solve are always limited. It is widely believed that 90% of corporate data breaches and cyber attacks are caused by human factors. The easiest and most effective way for hackers to launch cyber attacks is to attack the weakest link in the enterprise: people. Therefore, the best first means of security defense is to enhance the security awareness of all staff and form a comprehensive security awareness solution, so that all staff actively defend against network risks.
Security Awareness Officer Training Introduction
Security Awareness Officer training, a pilot launched by the Cyberspace Security Talent Education Alliance, is the first training course for security awareness professionals in China. It helps enterprise professionals who are responsible for building security awareness and security culture improve their professional knowledge, experience and skills, including:
Assess the human factor risk of the organization, the maturity of corporate cybersecurity culture, and the maturity of security awareness plan;
Create a continuous communication plan to get the attention and support from the management and all employees;
Create appropriate integrated marketing plans and content plans to attract the enthusiasm of employees from different departments/positions to participate in awareness plans;
Combine security awareness plan with organizational culture, security strategy, assessment and incentive mechanism to strengthen the implementation of security awareness plan;
Select the best combination of security awareness program indicators to measure its effectiveness and influence;
Evaluate and select appropriate third-party suppliers to achieve platform/content/service delivery;
Use education, behavioral science, etc. to promote employee behavior change.
Enhance the security awareness of all employees to reduce the risk of user data and privacy disclosure, and help build users’ trust in the enterprise;
Establish a baseline of employee security behavior to reduce the security risk of human factors, and promote the construction of corporate security culture;
Empower employees and enhance their ability to identify and respond to network security risks, creating an enterprise “human firewall” and “human sensor”.
For an individual
Enhance employees’ security awareness knowledge and skills so that they become the “first line of defense” protecting enterprise network security;
Help employees master the security awareness education methodology and practical skills generally recognized by the industry;
Help employees develop safe behaviors at work and in life, so as to protect the security of personal information and assets.
Chief Information Security Officer, Director of Information Security, Information Security Manager
Corporate Culture Development/Culture Communication Manager
Manufacturers of Security Awareness Education Services
This course covers six knowledge domains: requirements and challenges of security awareness, terms and concepts related to security awareness, security awareness and behavioral science, planning of security awareness plan, implementation of security awareness plan, and management of security awareness plan.
Course outline (half-day course)
Part 1: Basic Knowledge of Security Awareness
Introduction to the security awareness training market at home and abroad, and relevant laws and regulations
The present situation and pain points of security awareness education plans and training in enterprises
International standards/guidelines for security awareness – general terms and concepts for security awareness
Common awareness topics included in the security awareness program – responsibility and competency requirements of security awareness professionals
Enterprise network security culture maturity model – enterprise security awareness program maturity model
Security awareness program life cycle and project management – research in consciousness, psychology and behavioral sciences
Part 2: Create a Security Awareness Program
Assess whether the current security awareness program meets relevant compliance and audit requirements
Understand the organizational background and business objectives of the enterprise, and evaluate the enterprise’s current network security culture, security awareness level, human-factor risk, security incident cause analysis, gap analysis, input-output analysis, etc.
Build security awareness steering committee/project team with support from management and key stakeholders
Collect and analyze the job characteristics and awareness requirements of each business department
Plan the awareness program’s goals, budgets, key milestones, etc.
Plan annual program, implementation scope/training target, training content, delivery method, communication method
Choose appropriate metrics for the security awareness plan and reasonable performance indicators
Develop a security awareness policy/baseline and incentive plan, and incorporate security awareness into the assessment plan
Set up a proper reporting and communication mechanism to manage stakeholder expectations