The recent ransomware attacks and their impact on business emphasize the challenges organizations face in implementing technical and administrative controls to protect their networks in an ever-changing threat landscape.
The Federal Information Security Management Act requires each federal agency to develop, document, and implement a cybersecurity awareness training program. With the alarming proliferation of cyber threats across the world, the question becomes: Is this enough? Should federal legislators enact laws that extend beyond the Government and industry-specific regulations to establish mandatory frameworks to dramatically strengthen the cybersecurity of those private corporations that comprise the nation's critical infrastructure?
If such legislation is enacted, how would progress or success be measured? This lecture addresses those questions and highlights best practices for maturing your cybersecurity awareness training and proving that it is actually working.