mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-12 14:14:56 +03:00
mukul975
66 lines
2.4 KiB
Markdown
66 lines
2.4 KiB
Markdown
# Anti-Phishing Training Program Plan Template
|
|
|
|
## Program Overview
|
|
- **Organization**: [Company Name]
|
|
- **Program Owner**: [CISO / Security Awareness Manager]
|
|
- **Start Date**: [YYYY-MM-DD]
|
|
- **Review Cycle**: [Quarterly / Semi-annual]
|
|
|
|
## Baseline Metrics
|
|
| Metric | Current Value | 6-Month Target | 12-Month Target |
|
|
|---|---|---|---|
|
|
| Phish Click Rate | % | % | <5% |
|
|
| Submit Rate | % | % | <2% |
|
|
| Report Rate | % | % | >60% |
|
|
| Training Completion | % | 90% | 95% |
|
|
| Repeat Offenders | % | % | <3% |
|
|
|
|
## Training Curriculum
|
|
| Module | Audience | Duration | Frequency | Platform |
|
|
|---|---|---|---|---|
|
|
| Phishing Basics | All employees | 15 min | Annual + new hire | |
|
|
| BEC/Wire Fraud | Finance | 20 min | Quarterly | |
|
|
| Executive Threats | C-suite/VPs | 10 min | Quarterly | |
|
|
| IT-Targeted Phishing | IT Staff | 20 min | Quarterly | |
|
|
| Credential Protection | All employees | 10 min | Semi-annual | |
|
|
| Mobile Threats (Smishing) | All employees | 10 min | Annual | |
|
|
|
|
## Simulation Schedule
|
|
| Month | Scenario Type | Difficulty | Target Group |
|
|
|---|---|---|---|
|
|
| Jan | Password reset | Easy | All employees |
|
|
| Feb | Vendor invoice | Medium | Finance |
|
|
| Mar | IT notification | Easy | All employees |
|
|
| Apr | Package delivery | Easy | All employees |
|
|
| May | Executive request | Hard | Finance + Admin |
|
|
| Jun | Cloud storage share | Medium | All employees |
|
|
| Jul | HR policy update | Easy | All employees |
|
|
| Aug | Tax document | Medium | All employees |
|
|
| Sep | Conference invite | Medium | All employees |
|
|
| Oct | Security alert | Hard | IT Staff |
|
|
| Nov | Benefits enrollment | Medium | All employees |
|
|
| Dec | Holiday promotion | Hard | All employees |
|
|
|
|
## Escalation Policy for Repeat Offenders
|
|
| Offense | Action | Responsible |
|
|
|---|---|---|
|
|
| First click | Just-in-time training + auto-enroll in module | Automated |
|
|
| Second click | Enhanced training + coaching offer | Security team |
|
|
| Third click | Mandatory training + manager notification | HR + Security |
|
|
| Fourth+ click | Access review + remediation plan | HR + IT + Security |
|
|
|
|
## Budget
|
|
| Item | Annual Cost |
|
|
|---|---|
|
|
| Training platform license | $ |
|
|
| Simulation platform | $ |
|
|
| Content development | $ |
|
|
| Program administration | $ |
|
|
| Rewards/recognition | $ |
|
|
| **Total** | **$** |
|
|
|
|
## Reporting Schedule
|
|
- **Monthly**: Simulation results to security team
|
|
- **Quarterly**: Department-level report to leadership
|
|
- **Annually**: Full program assessment and ROI report to board
|