Standards & References: Anti-Phishing Training Program

NIST Guidelines

  • NIST SP 800-50: Building an Information Technology Security Awareness and Training Program
  • NIST SP 800-16: Information Technology Security Training Requirements
  • NIST SP 800-53 Rev.5: AT-1 through AT-6 - Awareness and Training family

Regulatory Requirements

  • PCI DSS 4.0: Requirement 12.6 - Security awareness training for all personnel
  • HIPAA: 45 CFR 164.308(a)(5) - Security awareness and training
  • SOX: Section 404 - Internal controls requiring security awareness
  • GDPR: Article 39(1)(b) - Data protection awareness training
  • CMMC 2.0: AT.L2-3.2.1/2/3 - Awareness and training practices
  • FFIEC: Information Security Handbook - Security awareness training

Industry Frameworks

  • SANS Security Awareness Maturity Model: Five-level maturity assessment
  • AISA Phishing Resilience Protocol: Australian standard for phishing testing
  • CISA Cybersecurity Awareness Program: Federal awareness guidance

MITRE ATT&CK Techniques Addressed by Training

  • T1566: Phishing (all sub-techniques)
  • T1598: Phishing for Information
  • T1204: User Execution
  • T1534: Internal Spearphishing

Key Performance Indicators (KPIs)

  KPI                          Description                          Target
  Phish-Prone Percentage       Users who click simulated phishing   < 5%
  Training Completion Rate     Users completing assigned modules    > 95%
  Report Rate                  Users reporting simulated phishing   > 70%
  Time to Report               Average time to report phishing      < 5 minutes
  Repeat Offender Rate         Users failing multiple simulations   < 2%
  Training Satisfaction        Post-training survey score           > 4/5
  Knowledge Assessment Score   Quiz/test average score              > 85%

Training Content Categories

  1. Email phishing identification
  2. Business email compromise (BEC)
  3. Spearphishing and whaling
  4. Vishing (voice phishing)
  5. Smishing (SMS phishing)
  6. QR code phishing (quishing)
  7. Social media phishing
  8. Credential harvesting
  9. Malicious attachments
  10. USB/physical social engineering