One Article Review
| Source |  ProofPoint |
|---|---|
| Identifiant | 8450002 |
| Date de publication | 2024-02-14 06:00:59 (vue: 2024-02-14 14:09:32) |
| Titre | Comment Proofpoint peut vous aider à répondre aux exigences de conformité CMMC 2.0 et 3.0 How Proofpoint Can Help You Meet CMMC 2.0 and 3.0 Compliance Requirements |
| Texte | The Cybersecurity Maturity Model Certification (CMMC) program enforces the protection of sensitive unclassified information that the U.S. Department of Defense (DoD) shares with its contractors and subcontractors. You can learn more about the CMMC here. In this blog post, we provide an overview of how Proofpoint Security Awareness training can help you meet CMMC 2.0 and 3.0 compliance requirements. CMMC overviews for awareness and training (AT) In this section, we\'ll match compliance requirements with what\'s provided by Proofpoint Security Awareness. CMMC Level 2 AT.L2-3.2.1 – Role-Based Risk Awareness AT.L2-3.2.2 – Role-Based Training CMMC compliance requirement Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems. Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities. How Proofpoint Security Awareness meets this need We offer targeted training that is based on: User ability (basic, beginner, intermediate and advanced) Role and function (21 options) Which users are most targeted by threats Which users click the most (the riskiest users) Proofpoint also offers training that is relevant for users in specific industries. An overview of the 21 different role-based training dropdowns. There are 13 industry training options offered by Proofpoint. AT.L2-3.2.3 – Insider Threat Awareness CMMC compliance requirement Provide security awareness training on recognizing and reporting potential indicators of insider threat. How Proofpoint Security Awareness meets this need Insider threats are a security concern for businesses across industries. That\'s why we offer more than 120 training modules on this critical topic. A selected view of the more than 120 insider threat modules. CMMC Level 3 AT.L3-3.2.1e – Advanced Threat Awareness CMMC compliance requirement Provide awareness training upon initial hire, following a significant cyber event, and at least annually, focused on recognizing and responding to threats from social engineering, advanced persistent threat actors, breaches, and suspicious behaviors; update the training at least annually or when there are significant changes to the threat. How Proofpoint Security Awareness meets this need Our Threat Alerts and phish simulations stem from our industry-leading threat intelligence program where Proofpoint protects 26% of the world\'s email. We use our data to provide our customers with updates weekly, if not more often, on the threat landscape. Our Threat Alerts and phish simulation campaigns cover the following topics and much more: Social engineering QR codes Voicemail lures Telephone-oriented attack delivery TOAD) threats Advanced Persistent Threats (APTs) E-crime actors Impostor threats Proofpoint Email Protection is updated hundreds of times daily as we see and block new threats. The Proofpoint Threat Intelligence team also works with the Proofpoint Security Awareness team to update the threat landscape weekly. Together, these teams ensure that cybersecurity training always reflects the latest threats. AT.L3-3.2.2e – Practical Training Exercises CMMC compliance requirement Include practical exercises in awareness training for all users, tailored by roles, to include general users, users with specialized roles, and privileged users, that are aligned with current threat scenarios and provide feedback to individuals involved in the training and their supervisors. How Proofpoint Security Awareness meets this need Your users can be trained based on their role, experience level, vertical, “targeted-ness,” risky clicking behavior in the wild, and other factors. We can provide feedback to them right after they pass or fail a phishing test. We can also supply |
| Envoyé | Oui |
| Condensat | 120 2024 2 800 ability about access: across activities actors actors additional administrators advanced after agencies alert alerts aligned all also always annually applicable approach apts are assessment assessments assigned associated attack available aware awareness awareness based basic beginner behavior behaviors; block blog breaches businesses campaigns can carry certification change changes click clicking cmmc codes complete compliance concern content contractors control controlled cover crime critical cui current curriculum curriculum customers cyber cybersecurity daily dashboard data defense delivery department different dod dozens drives dropdowns duties education email enforces engineering engineering ensure event example examples excellent exercises exercises experience factors fail failures features federal feedback find focused following framework from function general gifs government government handling help here hire holistic how hundreds immediate impostor include indicators individuals industries industry information initial inside insider intelligence intermediate involved its january landscape latest leading learn least level library lures lures made managers marking match materials maturity meet meets model modules more more: more most much needs need need ness new nist not offenders offer offered offers often on: options organizational oriented other out outcomes overview overview; overviews page pass performances persistent personnel phish phishing platform policies post posters potential practical privileged procedures program proofpoint protection protects proven provide provided public real recognizing reflects related relevant repeat reporting requirements requirement responding responsibilities right risk riskiest risks risky role roles scenarios scheduled section security see selected sensitive shares significant simulation simulations social some specialized specific spoofing standards stem storage subcontractors substandard supervisors supply suspicious systems tab tailor tailored takes targeted team teams telephone test than that them themed themes these those threat threats threats times toad together topic topics trained training training unclassified update updated updates upon use user users vertical videos view views voicemail want weekly what when where which why wild works world your “targeted |
| Tags | Threat |
| Stories | |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.