Cyber Risk Management: Awareness and Operational Training

This is the fourth in a short series we’re writing for our friends at SurfWatch Labs on applying the Preparedness Cycle to Cyber Risk Management (read parts onetwo, and three here).

In our sustained effort to reduce risk through proper preparedness, we’ll tackle the next critical step in the Preparedness Cycle — training. To effectively support our efforts to reduce organizational risks we want to ensure our personnel are properly trained. The focus of this article is specifically on two types of training: Threat Awareness Training and Operational Training

Organizations face a wide array of threats to their operations, people, and facilities. With limited time and resources, training can’t address every threat. To help prioritize training activities and emphasis, leaders should apply a threat-informed but risk-based approach to planning, developing, and conducting training. That means understanding the threats, conducting a risk assessment, and prioritizing the greatest risks as primary areas of focus…

Whether your emphasis is on health issues – such as the impacts of a potential pandemic, or natural disasters – maybe annual spring flooding or perhaps you’re in an area that is more likely to experience high-impact hurricanes, or physical security threats – such as workplace violence, the same approach to training applies. Addressing your prioritized risk concerns, both Operational Training and Threat Awareness Training should be included in your multi-year preparedness program.

To read the complete post, continue to SurfWatch Labs: “Preparedness & Cyber Risk Reduction Part Four: Awareness and Operational Training

This series is being written by Andy Jabbour, Gate 15’s Co-Founder and Managing Director. Andy leads Gate 15’s risk management and critical infrastructure operations with focus on Information Sharing, Threat Analysis, Operational Support & Preparedness Activities (Planning, Training & Exercise). Andy has years of experience working with partners across the critical infrastructure and homeland security enterprise to support national security and client business needs.