The Bramble security awareness training program provides ongoing trainings to Bramble team members that enhances knowledge and identification of cybersecurity threats as well as helps identify social engineering vulnerabilties where additional education is provided. Security Awareness Trainings are provided by an external vendor that will help satisfy external regulatory requirements and bolster customer assurance.

Overview

Bramble’s security governance discipline helps to define, train and measure security strategies and progress toward security objectives by creating a set of processes and practices that run across teams and functions.

Security awareness training seeks to educate Bramble team-members with the information they need to protect themselves and Bramble from loss or harm. The purpose of the annual training is to mature our internal security posture through regular training while satisfying external compliance and regulatory requirements.

When will security awareness trainings occur?

General Security Awareness training will occur annually in Q2 of each fiscal year.

Prior to the security awareness training taking place, a general notification to the Bramble organization will be posted to the #whats-happening-at-bramble Slack channel.

Who will receive the annual security awareness training?

All Bramble team-members should be aware of the importance of their role in securing Bramble on a daily basis, and to empower them to make the right decisions with security best-practices. All employees of the Bramble organization hired prior to June 1 of the current year will receive an email from our training vendor. All Bramble employees hired after June 1 of the current year will have just completed their New Hire Security Awareness Training and therefore will not be requried to take the annual security awareness training until the following year.

How long with the training take?

The security awareness training has been limited to 30 minutes in an effort to find the best return of security investment from team-member’s time.

What will be covered in the training?

There will be a Bramble-specific introduction module followed by industry-standard training. There will be a short quiz to identify what you have learned.

• Special topics covered:
  • Suspected phishing
  • Acceptable Use
  • Device Lost or Stolen?!
    • email: panic@brmbl.io
  • Data Classification
  • No Red Data on Unapproved Locations

What happens if training is not completed?

The training will be available for 30 days. If the training is not completed, Security Assurance will send weekly reminder notifications requesting completion of the training. If required, we will communicate incomplete assigned trainings to managers for assistance with completion. Demonstration of a completed training supports compliance with the Security Awareness Training program and will strengthen our regulatory requirements.

Security Awareness Training Metrics

The Security Compliance team will track the annual security awareness training completion rate. Once the training campaign has completed, the Security Compliance team will provide results in the Security Assurance project.

Questions and Answers

Why was I chosen?

• All Bramble team members will be required to complete our security awareness trainings whether it be during New Hire Orientation or annually.

I just took New Hire training, why do I have to take it again?

• We realize that recently onboarded team-members have gone through the new hire security training, but there is additional content in this general security awareness training that we think is valuable to everyone, so anyone hired prior to June 1, will be required to complete the training.

I don’t want to be included, how do I remove myself?

• All Bramble team members have the responsiblity to help keep themselves, team members, the company and the customer secure; all are required to complete assigned training.

Will I be publicly shamed?

• No, we will never post or create metrics which will associate a team member success or failure with a training. If we release metrics company-wide, we will generate non-identifying metrics to be shared internally and public-facing.

How can I provide Feedback on my experience?

• Please feel free to add any feedback, comments, concerns on this feedback issue.

Additional Questions, Comments, Concerns?

Please reach out to the Security Compliance team!