The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) debuted Chapter 2 of the CISA Cyber Essentials Toolkit which centers around how organization staff and the users can exercise good cyber posture.
Within the chapter, CISA outlines leaders can develop a culture of awareness to encourage employees to make good choices online, learn about risks like phishing and business email compromise, and maintain awareness of current events related to cybersecurity. Further CISA offers what an organization can discuss with IT staff or service providers, including: leveraging basic cybersecurity training and identifying and using available training resources.
“Your staff is often the first line of defense for your organization. Investing in your personnel reduces vulnerabilities and drives a culture of ownership,” the chapter reads. “They must be equipped to recognize cybersecurity risks such as phishing scams, password hacks, and outdated anti-malware, as well as trained to respond and share information appropriately.”
On May 29, 2020, CISA released Chapter 1 of the Cyber Essentials Toolkit, which was focused on “leadership in forging a culture of cyber readiness in their organization with an emphasis on strategy and investment.”
“We hope this toolkit, and the ones we are developing, fills gaps and provides executives the tools they need to raise the cybersecurity baseline of their teams and the organizations they lead,” CISA Director Christopher Krebs said at the time.