mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-11 10:03:42 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,49 @@
|
||||
# Standards & References: Anti-Phishing Training Program
|
||||
|
||||
## NIST Guidelines
|
||||
- **NIST SP 800-50**: Building an Information Technology Security Awareness and Training Program
|
||||
- **NIST SP 800-16**: Information Technology Security Training Requirements
|
||||
- **NIST SP 800-53 Rev.5**: AT-1 through AT-6 - Awareness and Training family
|
||||
|
||||
## Regulatory Requirements
|
||||
- **PCI DSS 4.0**: Requirement 12.6 - Security awareness training for all personnel
|
||||
- **HIPAA**: 45 CFR 164.308(a)(5) - Security awareness and training
|
||||
- **SOX**: Section 404 - Internal controls requiring security awareness
|
||||
- **GDPR**: Article 39(1)(b) - Data protection awareness training
|
||||
- **CMMC 2.0**: AT.L2-3.2.1/2/3 - Awareness and training practices
|
||||
- **FFIEC**: Information Security Handbook - Security awareness training
|
||||
|
||||
## Industry Frameworks
|
||||
- **SANS Security Awareness Maturity Model**: Five-level maturity assessment
|
||||
- **AISA Phishing Resilience Protocol**: Australian standard for phishing testing
|
||||
- **CISA Cybersecurity Awareness Program**: Federal awareness guidance
|
||||
|
||||
## MITRE ATT&CK Techniques Addressed by Training
|
||||
- **T1566**: Phishing (all sub-techniques)
|
||||
- **T1598**: Phishing for Information
|
||||
- **T1204**: User Execution
|
||||
- **T1534**: Internal Spearphishing
|
||||
|
||||
## Key Performance Indicators (KPIs)
|
||||
|
||||
| KPI | Description | Target |
|
||||
|---|---|---|
|
||||
| Phish-Prone Percentage | Users who click simulated phishing | < 5% |
|
||||
| Training Completion Rate | Users completing assigned modules | > 95% |
|
||||
| Report Rate | Users reporting simulated phishing | > 70% |
|
||||
| Time to Report | Average time to report phishing | < 5 minutes |
|
||||
| Repeat Offender Rate | Users failing multiple simulations | < 2% |
|
||||
| Training Satisfaction | Post-training survey score | > 4/5 |
|
||||
| Knowledge Assessment Score | Quiz/test average score | > 85% |
|
||||
|
||||
## Training Content Categories
|
||||
1. Email phishing identification
|
||||
2. Business email compromise (BEC)
|
||||
3. Spearphishing and whaling
|
||||
4. Vishing (voice phishing)
|
||||
5. Smishing (SMS phishing)
|
||||
6. QR code phishing (quishing)
|
||||
7. Social media phishing
|
||||
8. Credential harvesting
|
||||
9. Malicious attachments
|
||||
10. USB/physical social engineering
|
||||
@@ -0,0 +1,125 @@
|
||||
# Workflows: Anti-Phishing Training Program
|
||||
|
||||
## Workflow 1: Annual Program Lifecycle
|
||||
|
||||
```
|
||||
Q1: Baseline & Planning
|
||||
+-- Run baseline phishing simulation
|
||||
+-- Assess current awareness maturity level
|
||||
+-- Define annual targets and KPIs
|
||||
+-- Select/renew training platform
|
||||
+-- Design curriculum by role and department
|
||||
|
|
||||
Q2: Foundation Training
|
||||
+-- Deploy core phishing awareness modules
|
||||
+-- Run monthly simulations (easy difficulty)
|
||||
+-- Launch phishing report button
|
||||
+-- Begin tracking metrics
|
||||
|
|
||||
Q3: Advanced Training
|
||||
+-- Role-specific training (finance, IT, executives)
|
||||
+-- Increase simulation difficulty
|
||||
+-- Recognize security champions
|
||||
+-- Mid-year metrics review
|
||||
|
|
||||
Q4: Assessment & Optimization
|
||||
+-- Run year-end assessment simulation
|
||||
+-- Compare against baseline
|
||||
+-- Generate annual report
|
||||
+-- Identify gaps for next year
|
||||
+-- Present ROI to leadership
|
||||
```
|
||||
|
||||
## Workflow 2: Just-in-Time Training Flow
|
||||
|
||||
```
|
||||
User interacts with simulated phishing email
|
||||
|
|
||||
v
|
||||
[Did user click the link?]
|
||||
|
|
||||
+-- NO (ignored or reported) --> Positive outcome tracked
|
||||
| |
|
||||
| +-- [Did user report it?]
|
||||
| +-- YES --> Send congratulations, award points
|
||||
| +-- NO --> No action (not a failure)
|
||||
|
|
||||
+-- YES (clicked link)
|
||||
|
|
||||
v
|
||||
[Landing page shows "This was a test"]
|
||||
|
|
||||
v
|
||||
[Immediate micro-training module (2-3 min)]
|
||||
+-- What red flags were present
|
||||
+-- How to identify similar emails
|
||||
+-- How to report suspicious emails
|
||||
|
|
||||
v
|
||||
[Auto-enroll in refresher course within 7 days]
|
||||
|
|
||||
v
|
||||
[Manager receives aggregate report (not individual names)]
|
||||
|
|
||||
v
|
||||
[User included in next simulation cycle]
|
||||
```
|
||||
|
||||
## Workflow 3: Repeat Offender Escalation
|
||||
|
||||
```
|
||||
User fails first simulation
|
||||
|
|
||||
+-- Standard just-in-time training
|
||||
+-- Auto-enrolled in awareness module
|
||||
|
|
||||
User fails second simulation (within 6 months)
|
||||
|
|
||||
+-- Enhanced training assignment
|
||||
+-- One-on-one coaching session offered
|
||||
+-- Manager notification (private)
|
||||
|
|
||||
User fails third simulation
|
||||
|
|
||||
+-- Mandatory extended training
|
||||
+-- Access restrictions considered (additional MFA, restricted permissions)
|
||||
+-- HR involvement per policy
|
||||
+-- Monthly targeted simulations
|
||||
|
|
||||
User passes subsequent simulation
|
||||
|
|
||||
+-- Return to normal simulation schedule
|
||||
+-- Positive reinforcement
|
||||
```
|
||||
|
||||
## Workflow 4: Metrics-Driven Optimization
|
||||
|
||||
```
|
||||
Monthly Data Collection
|
||||
|
|
||||
+-- Simulation results (click, submit, report rates)
|
||||
+-- Training completion rates
|
||||
+-- User-reported real phishing volume
|
||||
+-- Help desk phishing tickets
|
||||
|
|
||||
v
|
||||
[Analyze by dimensions]
|
||||
+-- Department breakdown
|
||||
+-- Role/seniority breakdown
|
||||
+-- Location breakdown
|
||||
+-- Trend over time
|
||||
|
|
||||
v
|
||||
[Identify patterns]
|
||||
+-- Which departments are improving?
|
||||
+-- Which scenarios are most effective?
|
||||
+-- Are repeat offenders decreasing?
|
||||
+-- Is report rate increasing?
|
||||
|
|
||||
v
|
||||
[Adjust program]
|
||||
+-- Increase difficulty for high-performing groups
|
||||
+-- More training for struggling departments
|
||||
+-- New scenario types for common gaps
|
||||
+-- Update content for new threat trends
|
||||
```
|
||||
Reference in New Issue
Block a user