Training and Awareness
CRA-5.8.30
Licensees must evaluate improvement in the level of awareness and preparedness to deal with cyber security risk to ensure the effectiveness of the training programmes implemented.Added: April 2023CRA-5.8.31
The
licensee must ensure that all employees receive adequate training on a regular basis, in relation to cyber security and the threats they could encounter, such as through testing employee reactions to simulated cyber-attack scenarios. All relevant employees must be informed on the current cyber security breaches and threats. Additional training should be provided to ‘higher risk staff’.Added: April 2023CRA-5.8.32
The
licensees must ensure that role specific cyber security training is provided on a regular basis to relevant staff including:(a) Executive board and senior management;(b) Cyber security roles;(c) IT staff; and(d) Any high-risk staff as determined by thelicensee .Added: April 2023
