MIDASEC08-BP02 Conduct regular security awareness programs
Develop training and awareness programs for industrial application teams to reinforce best practices, policy understanding, and threat awareness.
Desired outcome: Engineering and operations staff are informed about evolving security threats and policies, reducing the risk of human error.
Benefits of establishing this best practice: Improves organizational security culture, reduces social engineering risks, and increases policy adherence.
Level of risk exposed if this best practice is not established: Medium
Implementation guidance
Deliver targeted training sessions and simulate threat scenarios relevant to OT and industrial environments.
Implementation steps
- Identify key roles that need training (for example, developers, operators, and integrators).
- Use AWS learning resources or third-party courses tailored to industrial security.
- Conduct quarterly refresher sessions and phishing simulations.
- Track and report training completion and outcomes to leadership.