Security Awareness and Training

If you work in any regulated industry (medical, finance, energy, transportation, government, etc.), your company is required to provide ongoing security awareness and training (SAT). Often this is misidentified as security awareness training, without the “and”. Security awareness is typically provided through ongoing emails, newsletters and posters that address different aspects of security. The training part is more formal; it often includes a lecture and a basic test required to prove that employees understand the security topics that apply to their organization. For many years, we have been recommending the SANS.org OUCH! Newsletter to fulfill part of the awareness function.

The OUCH! Newsletter is free. As an additional control, we recommend that one person be responsible for distributing the newsletter to all employees. Employees are then required to respond via email that they have read the newsletter. The replies are then logged. It is important to log the acknowledgments as proof that your organization is in compliance with its policies.

For more information and to sign up for the newsletter, follow this link:
https://www.sans.org/security-awareness-training/ouch-newsletter

 

Posted by Jack Gerbs