Strike Graph

What is the All-Hands Security Training control?

Strike Graph's default control language is: "Employees and contractors complete security-related training, as relevant to their duties, upon hire and on an annual basis. The annual security training includes information on how to report security incidents and concerns."

This <a href="https://help.strikegraph.com/en/articles/6610749-how-to-customize-your-control-language">language should be customized</a> to reflect the specific process that your organization has defined. For example, if your organization's security training contains different content or occurs at a different frequency, then you should update the control language to reflect that. It's important that your stated control description accurately reflects how your organization implements this control.

Most IT Security frameworks require employees to undergo security training. Regardless of which framework you are pursuing, training makes great business sense. Human error is the leading cause of security breaches, but you can mitigate this risk by providing the awareness and tools to keep your staff informed and out of the news.

Who's involved with this control?

Typical Control Owner:  CTO (or equivalent) - for training oversight

- HR director - runs the training program 
- HR Admin - ensures that new hires take the training 
- Security Manager - delivers to all hands, all staff, and (as appropriate) contractors - participants 

- Typical Control Owner:  CTO (or equivalent) - for training oversight
- Typical Parties Involved: 
  - HR director - runs the training program 
  - HR Admin - ensures that new hires take the training 
  - Security Manager - delivers to all hands, all staff, and (as appropriate) contractors - participants 

All employees should participate in an annual data and IT security training. Each new hire should also take the training as part of their onboarding. You can choose to use a third party training provider OR you can create your own training program.

Training should include: phishing examples, do’s and don’ts, common attacks and what to watch out for. Successful training will be interactive, include real world examples, and could even include a few YouTube videos. 

When preparing the training materials, ensure that all other relevant content is completed prior to the training. For example, if you are including incident response procedures, ensure that the IR plan is complete. 

Include guidance on what employees should do if they think there has been a security incident, as well as what they should do in the event of a natural disaster.

Hot tip: If you are on a SOC 2 path, the best time to hold the all hands training will be about 45 days prior to the end of the audit period.

Reach out to your Customer Success Manager via email or the chat widget. 

How to efficiently operationalize this control, and why it’s important

Deep Dive - All-Hands Security Training

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Deep Dive - All-Hands Security Training

What is the All-Hands Security Training control?

Why is this control important?

Who's involved with this control?

How do I perform this control?

Want to learn more?