PCI Compliance on AWS: PCI Requirement 12.6
4 Tools for Security Awareness Training
The risk of an employee not understanding the potential security threats facing them as a frontline target could be just the opening that an attacker needs to create a security breach in AWS. This is why many information security frameworks and regulations, like the PCI DSS, have security awareness training requirements. PCI Requirement 12.6 says, “Implement a formal security awareness program to make all personnel aware of the cardholder data security policy and procedures.” More specifically, employees must go through security awareness training upon hire and at least annually.
Luckily, there are a number of online resources you can use to ensure a high level of training. We’ve put together a list of four online tools you can use to conduct your own security awareness training.
- Inspired eLearning: If you choose to conduct security awareness training through KirkpatrickPrice, this is the thorough and effective online tool you can expect us to use.
- Proofpoint: This interactive tool provides hands-on training that will prepare your employees to recognize various common security attacks.
- Enterprise Integration: Through EI’s training, you can personalize courses to meet your training needs, whether you’re a start-up or enterprise.
- KnowBe4: To develop a program that is built according to your specific requirements, this tool provides actionable tasks, helpful tips, coursework suggestions, and a management calendar.
Whether your business has a team of two or five hundred, investing in security awareness training from the beginning reinforces a culture of compliance and helps mitigate the risk of human error compromising cardholder data.
Training. We all have it. We all have to have it. As IT professionals, it is hard for us to keep up with the technology curve without it. PCI Requirement 12.6 requires security awareness training for all employees that handle, process, or store cardholder data. It is the kind of training that covers phishing emails, secure login, and how to use multi-factor authentication. All of that can be wrapped up into security awareness training, but PCI takes it one step further. The PCI DSS requires that these employees be trained at hire and again annually. PCI Requirement 12.6.2 actually requires that they acknowledge the training annually, so there are some things to track and record. As for AWS, you can go to aws.amazon.com/training to get started, or you can check us out.