# Standards & References: Anti-Phishing Training Program
## NIST Guidelines
- **NIST SP 800-50**: Building an Information Technology Security Awareness and Training Program
- **NIST SP 800-16**: Information Technology Security Training Requirements
- **NIST SP 800-53 Rev. 5**: AT-1 through AT-6 - Awareness and Training family
## Regulatory Requirements
- **PCI DSS 4.0**: Requirement 12.6 - Security awareness training for all personnel
- **HIPAA**: 45 CFR 164.308(a)(5) - Security awareness and training
- **SOX**: Section 404 - Internal controls requiring security awareness
- **GDPR**: Article 39(1)(b) - Data protection awareness training
- **CMMC 2.0**: AT.L2-3.2.1/2/3 - Awareness and training practices
- **FFIEC**: Information Security Handbook - Security awareness training
## Industry Frameworks
- **SANS Security Awareness Maturity Model**: Five-level maturity assessment
- **AISA Phishing Resilience Protocol**: Australian standard for phishing testing
- **CISA Cybersecurity Awareness Program**: Federal awareness guidance
## MITRE ATT&CK Techniques Addressed by Training
- **T1566**: Phishing (all sub-techniques)
- **T1598**: Phishing for Information
- **T1204**: User Execution
- **T1534**: Internal Spearphishing
## Key Performance Indicators (KPIs)
| KPI | Description | Target |
|---|---|---|
| Phish-Prone Percentage | Users who click simulated phishing | < 5% |
| Training Completion Rate | Users completing assigned modules | > 95% |
| Report Rate | Users reporting simulated phishing | > 70% |
| Time to Report | Average time to report phishing | < 5 minutes |
| Repeat Offender Rate | Users failing multiple simulations | < 2% |
| Training Satisfaction | Post-training survey score | > 4/5 |
| Knowledge Assessment Score | Quiz/test average score | > 85% |
## Training Content Categories
1. Email phishing identification
2. Business email compromise (BEC)
3. Spearphishing and whaling
4. Vishing (voice phishing)
5. Smishing (SMS phishing)
6. QR code phishing (quishing)
7. Social media phishing
8. Credential harvesting
9. Malicious attachments
10. USB/physical social engineering