Initial commit - 611 cybersecurity skills across all subdomains

This commit is contained in:
mukul975
2026-02-25 10:47:44 +01:00
commit 22a7ab1462
1765 changed files with 280648 additions and 0 deletions
@@ -0,0 +1,49 @@
# Standards & References: Anti-Phishing Training Program
## NIST Guidelines
- **NIST SP 800-50**: Building an Information Technology Security Awareness and Training Program
- **NIST SP 800-16**: Information Technology Security Training Requirements
- **NIST SP 800-53 Rev.5**: AT-1 through AT-6 - Awareness and Training family
## Regulatory Requirements
- **PCI DSS 4.0**: Requirement 12.6 - Security awareness training for all personnel
- **HIPAA**: 45 CFR 164.308(a)(5) - Security awareness and training
- **SOX**: Section 404 - Internal controls requiring security awareness
- **GDPR**: Article 39(1)(b) - Data protection awareness training
- **CMMC 2.0**: AT.L2-3.2.1/2/3 - Awareness and training practices
- **FFIEC**: Information Security Handbook - Security awareness training
## Industry Frameworks
- **SANS Security Awareness Maturity Model**: Five-level maturity assessment
- **AISA Phishing Resilience Protocol**: Australian standard for phishing testing
- **CISA Cybersecurity Awareness Program**: Federal awareness guidance
## MITRE ATT&CK Techniques Addressed by Training
- **T1566**: Phishing (all sub-techniques)
- **T1598**: Phishing for Information
- **T1204**: User Execution
- **T1534**: Internal Spearphishing
## Key Performance Indicators (KPIs)
| KPI | Description | Target |
|---|---|---|
| Phish-Prone Percentage | Users who click simulated phishing | < 5% |
| Training Completion Rate | Users completing assigned modules | > 95% |
| Report Rate | Users reporting simulated phishing | > 70% |
| Time to Report | Average time to report phishing | < 5 minutes |
| Repeat Offender Rate | Users failing multiple simulations | < 2% |
| Training Satisfaction | Post-training survey score | > 4/5 |
| Knowledge Assessment Score | Quiz/test average score | > 85% |
## Training Content Categories
1. Email phishing identification
2. Business email compromise (BEC)
3. Spearphishing and whaling
4. Vishing (voice phishing)
5. Smishing (SMS phishing)
6. QR code phishing (quishing)
7. Social media phishing
8. Credential harvesting
9. Malicious attachments
10. USB/physical social engineering
@@ -0,0 +1,125 @@
# Workflows: Anti-Phishing Training Program
## Workflow 1: Annual Program Lifecycle
```
Q1: Baseline & Planning
+-- Run baseline phishing simulation
+-- Assess current awareness maturity level
+-- Define annual targets and KPIs
+-- Select/renew training platform
+-- Design curriculum by role and department
|
Q2: Foundation Training
+-- Deploy core phishing awareness modules
+-- Run monthly simulations (easy difficulty)
+-- Launch phishing report button
+-- Begin tracking metrics
|
Q3: Advanced Training
+-- Role-specific training (finance, IT, executives)
+-- Increase simulation difficulty
+-- Recognize security champions
+-- Mid-year metrics review
|
Q4: Assessment & Optimization
+-- Run year-end assessment simulation
+-- Compare against baseline
+-- Generate annual report
+-- Identify gaps for next year
+-- Present ROI to leadership
```
## Workflow 2: Just-in-Time Training Flow
```
User interacts with simulated phishing email
|
v
[Did user click the link?]
|
+-- NO (ignored or reported) --> Positive outcome tracked
| |
| +-- [Did user report it?]
| +-- YES --> Send congratulations, award points
| +-- NO --> No action (not a failure)
|
+-- YES (clicked link)
|
v
[Landing page shows "This was a test"]
|
v
[Immediate micro-training module (2-3 min)]
+-- What red flags were present
+-- How to identify similar emails
+-- How to report suspicious emails
|
v
[Auto-enroll in refresher course within 7 days]
|
v
[Manager receives aggregate report (not individual names)]
|
v
[User included in next simulation cycle]
```
## Workflow 3: Repeat Offender Escalation
```
User fails first simulation
|
+-- Standard just-in-time training
+-- Auto-enrolled in awareness module
|
User fails second simulation (within 6 months)
|
+-- Enhanced training assignment
+-- One-on-one coaching session offered
+-- Manager notification (private)
|
User fails third simulation
|
+-- Mandatory extended training
+-- Access restrictions considered (additional MFA, restricted permissions)
+-- HR involvement per policy
+-- Monthly targeted simulations
|
User passes subsequent simulation
|
+-- Return to normal simulation schedule
+-- Positive reinforcement
```
## Workflow 4: Metrics-Driven Optimization
```
Monthly Data Collection
|
+-- Simulation results (click, submit, report rates)
+-- Training completion rates
+-- User-reported real phishing volume
+-- Help desk phishing tickets
|
v
[Analyze by dimensions]
+-- Department breakdown
+-- Role/seniority breakdown
+-- Location breakdown
+-- Trend over time
|
v
[Identify patterns]
+-- Which departments are improving?
+-- Which scenarios are most effective?
+-- Are repeat offenders decreasing?
+-- Is report rate increasing?
|
v
[Adjust program]
+-- Increase difficulty for high-performing groups
+-- More training for struggling departments
+-- New scenario types for common gaps
+-- Update content for new threat trends
```