Does your organization provide privacy or other security training to employees using an internal or external resource?  How often do employees need to attend either of the two training types? 

4.8k views2 Upvotes4 Comments

Assistant Director IT Auditor in Education, 10,001+ employees
Best practices would be to provide security awareness training annually, which will include privacy data awareness and protection. Many organizations would have outside experts provide this training. However, well run organizations (generally big financials or Pharma) would have internal  trainers provide this type of training. Organizations must design their systems with layered protections to minimize the internal threat, such as strict access controls on sensitive data.
Group Chief Information Officer in Construction, 5,001 - 10,000 employees
We do have a
-Weekly security awareness email ( one topic per month)
-Monthly security magazine and
- Quarterly security assessment (sending fishing email and measuring the responses )
-We also run online special trainings for finance, commercial and IT groups
CEO in Manufacturing, 51 - 200 employees
We use KnowBe4 training.  Employees are phish tested every month and sent to remedial training if they fall for a test.  They also do regular training every six months.
Director, Information Security in Education, 1,001 - 5,000 employees
It used to be presented person (and later zoom as a result of COVID) during HR’s orientation or annually for PCI areas . However the LMS HR uses for some regulatory requires training added security training models and we will be shifting to using that.

Content you might like

Fraud mitigation19%

Protection of reputation and brand56%

Protection of consumer data19%

Regulatory or compliance requirements6%



CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
42.5k views131 Upvotes319 Comments