Security Awareness & Training Controls

Purpose

Bramble develops a security- and privacy-minded workforce through continuous user education activities and exercises covering evolving threats, compliance obligations and secure workplace practices. The aim is to refine and improve existing training and to make sure all Bramble team members are aligned on the values of the organization.

Scope

This control applies to all Bramble team members, with certain trainings focused on product engineers and product security PMs.

This control applies to all product engineers and product security PMs.

Ownership

Control ownership: People Operations

Process Owner:

  • People Operations is responsible for deploying the process to ensure 100% employee testing and for validating that every Bramble team member has completed training in the current year.
  • Security Operations is consulted for the content and effectiveness of the control.

Controls

Control Number: SAT-01

Control Title: Security & Privacy-Minded Workforce

Control Statement: Bramble Group Corp. has implemented mechanisms for security workforce development and awareness controls.

Goal: Does the organization facilitate the implementation of security workforce development and awareness controls?

TOD:

  1. Identify policies and procedures responsible for identification and implementation of security awareness and training programs.
  2. Examine policies and procedures for: purpose; scope; roles and responsibilities; management commitment; coordination among organizational entities; compliance; and implementation requirements.

TOE:

  1. Examine formal policies and procedures to confirm evidence and document that they are reviewed and approved in accordance with TOD.
  2. Pull a population of all training records.
  3. Examine training records, or other relevant records, for a sample of security training completion based on organization-defined frequency.

  • Test of Design (TOD): verifies that a control is designed appropriately and that it will prevent or detect a particular risk.
  • Test of Operating Effectiveness (TOE): used for verifying that the control is in place and that it operates as it was designed.

Policy Reference