Security awareness training must be high on the agenda of best practice when companies fight off cyber threats. Security best practices and most industry regulations like PCI DSS, HIPAA, SOX, ISO require you to demonstrate that your workforce is trained in basic information security and is aware of how to handle sensitive data.
PCI DSS Security Awareness Training
PCI DSS Security training for developers is an advanced course that forces the development team to think like an attacker and enforce security as a development priority. The course provides the right tools and techniques to write secure code and develop secure applications that conform to stringent internal and external security development standards.
- PCI-DSSv2 12.6 – Implement a formal security awareness program to make all personnel aware of the importance of cardholder data security.
- PCI-DSS (12.6.1) – Educate personnel upon hire and at least annually. (see below)
- PCI-DSS (12.6.2) – Verify that the security awareness program requires personnel to acknowledge, in writing or electronically, at least annually that they have read and understand the information security policy.
- PCI-DSS (6.5) Develop applications based on secure coding guidelines. Prevent common coding vulnerabilities in software development processes, to include the following.
- PCI-DSS (6.5 a) Obtain and review software development processes. Verify that processes require training in secure coding techniques for developers, based on industry best practices and guidance.
- PCI-DSS (12.9.4) Verify through observation and review of policies that staff with responsibilities for security breach response are periodically trained.
HIPAA/HITECH Security Awareness
With the Final Omnibus Ruling of January 2013, security awareness and workforce member training has become a critical issue, ultimately requiring covered entities, business associates, and other related parties to get serious about ensuring the safety of PHI. It means that HIPAA finally has real regulatory compliance teeth and enforcement power.
Symosis HIPAA security awareness training educates your workforce and satisfies mandatory HIPAA and HITECH training requirements.
- What is HIPAA? Relevance to you, HIPAA Security Rule, HIPAA Privacy Rule, What is a Covered Entity or Business Associate? What information should you protect? How to identify PHI, Penalties for non-compliance, Good computing practices
- Prevent large fines and public relations nightmares, educate your workforce, and satisfy regulatory requirements
- Delivered on-demand, in-person or a combination of both
- Training customized to your environment and security policies
- Weekly reports to track progress and measure effectiveness
- Deliverables include course content, security best practices documentation and training completion certificates