Direct links from the subject.
| Property | Value |
|---|---|
|
The subject is an instance of a class. |
|
|
The subject is an instance of a class. |
An idea or notion; a unit of thought. |
|
A human-readable name for the subject. |
PR.AT-01.4: The organisation shall evaluate whether its cybersecurity awareness training is effec- tive in improving knowledge, behaviour, and readiness across the organisation. |
|
PR.AT-01.4 |
|
|
http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p106 |
|
|
Relates a concept to a concept that is more general in meaning. |
|
|
A general note, for any purpose. |
The goal of this control is to ensure that cybersecurity awareness training leads to measurable improvements in personnel knowledge, secure behaviour, and readiness to respond to cyber threats across all levels of the organisation.This control builds on the threat-specific awareness from PR.AT-01.2 and the role-based training from PR.AT-01.3 by introducing a structured approach to measure the impact of awareness efforts. The implementation should consider the following: • The organisation should assesswhetherawareness training is accessible to all relevant personnel andwhether it effectively influences their cybersecurity behaviour, awareness, and attitudes. • If the organisation lacks experience in evaluation, it should consider using existing evaluated frameworks or tools, such as ENISA’sAR-in-a-Box, which includes guidance on setting goals, selecting KPIs, and measuring impact. • Ifdeveloping an evaluation method internally, the organisation should look into good practices and evidence- based approaches for evaluating awareness programmes. • Evaluation methods should include a mix of: o Pre- and post-training assessments or quizzes. o Simulated phishing or social engineering tests. o Surveys to measure changes in awareness, confidence, and behaviour. o Feedback from participants and trainers. • The organisation should document lessons learned and use the results to improve future training efforts. |
|
A general note, for any purpose. |
<div><p>The goal of this control is to ensure that cybersecurity awareness training leads to measurable improvements in personnel knowledge, secure behaviour, and readiness to respond to cyber threats across all levels of the organisation.This control builds on the threat-specific awareness from PR.AT-01.2 and the role-based training from PR.AT-01.3 by introducing a structured approach to measure the impact of awareness efforts. The implementation should consider the following:</p><ul><li>The organisation should assesswhetherawareness training is accessible to all relevant personnel andwhether it effectively influences their cybersecurity behaviour, awareness, and attitudes.</li><li>If the organisation lacks experience in evaluation, it should consider using existing evaluated frameworks or tools, such as ENISA’sAR-in-a-Box, which includes guidance on setting goals, selecting KPIs, and measuring impact.</li><li>Ifdeveloping an evaluation method internally, the organisation should look into good practices and evidence- based approaches for evaluating awareness programmes.</li><li>Evaluation methods should include a mix of:<ul><li>Pre- and post-training assessments or quizzes.</li><li>Simulated phishing or social engineering tests.</li><li>Surveys to measure changes in awareness, confidence, and behaviour.</li><li>Feedback from participants and trainers.</li></ul></li><li>The organisation should document lessons learned and use the results to improve future training efforts.</li></ul></div> |
|
A general note, for any purpose. |
The goal of this control is to ensure that cybersecurity awareness training leads to measurable improvements in personnel knowledge, secure behaviour, and readiness to respond to cyber threats across all levels of the organisation.This control builds on the threat-specific awareness from PR.AT-01.2 and the role-based training from PR.AT-01.3 by introducing a structured approach to measure the impact of awareness efforts. The implementation should consider the following: - The organisation should assesswhetherawareness training is accessible to all relevant personnel andwhether it effectively influences their cybersecurity behaviour, awareness, and attitudes. - If the organisation lacks experience in evaluation, it should consider using existing evaluated frameworks or tools, such as ENISA’sAR-in-a-Box, which includes guidance on setting goals, selecting KPIs, and measuring impact. - Ifdeveloping an evaluation method internally, the organisation should look into good practices and evidence- based approaches for evaluating awareness programmes. - Evaluation methods should include a mix of: - Pre- and post-training assessments or quizzes. - Simulated phishing or social engineering tests. - Surveys to measure changes in awareness, confidence, and behaviour. - Feedback from participants and trainers. - The organisation should document lessons learned and use the results to improve future training efforts. |
|
A general note, for any purpose. |
The goal of this control is to ensure that cybersecurity awareness training leads to measurable improvements in personnel knowledge, secure behaviour, and readiness to respond to cyber threats across all levels of the organisation.This control builds on the threat-specific awareness from PR.AT-01.2 and the role-based training from PR.AT-01.3 by introducing a structured approach to measure the impact of awareness efforts. The implementation should consider the following: - The organisation should assesswhetherawareness training is accessible to all relevant personnel andwhether it effectively influences their cybersecurity behaviour, awareness, and attitudes. - If the organisation lacks experience in evaluation, it should consider using existing evaluated frameworks or tools, such as ENISA’sAR-in-a-Box, which includes guidance on setting goals, selecting KPIs, and measuring impact. - Ifdeveloping an evaluation method internally, the organisation should look into good practices and evidence- based approaches for evaluating awareness programmes. - Evaluation methods should include a mix of: - Pre- and post-training assessments or quizzes. - Simulated phishing or social engineering tests. - Surveys to measure changes in awareness, confidence, and behaviour. - Feedback from participants and trainers. - The organisation should document lessons learned and use the results to improve future training efforts. |
|
A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme. |
PR.AT-01.4 |
|
skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties. |
Training effectiveness evaluation |
|
A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag. |
The organisation shall evaluate whether its cybersecurity awareness training is effec- tive in improving knowledge, behaviour, and readiness across the organisation. |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
http://cyfun.data.gift/data/CyFun2025_delta_IMPORTANT_to_ESSENTIAL |
|
Relates a resource (for example a concept) to a concept scheme in which it is included. |
|
|
The number of triples associated with the subject. |
17 |
|
Specifies the dataset the subject is part of. |
Resultaten 1 - 19 of 19
Inverse links to the subject.
| Property | Subject |
|---|---|
|
Relates a concept to a concept that is more specific in meaning. |
Resultaten 1 - 1 of 1