User does not meet security awareness requirements

Associated with

Inboxes

Underlying signals

Awareness User Untrained (RS36), Awareness High Risk user (RS37)

Reasonings

• Regular user, and

  • Any user that is present in a security awareness connection

• RS36: Has training results within the last 6 months, and

  • Any user that does not have training results would be ignored, as we base “undertrained” as failing or not completing assigned trainings

• RS36: Has failed to complete more than 33% of assigned trainings, or

  • Example: If a user has been assigned 6 trainings and has failed to complete more than 2, the event would be present

• RS36: Has completed and failed more than 0% of assigned trainings, or

  • Example: If a user has been assigned 6 trainings and has completed and failed at least one of them, the event would be present

• RS37: Has recent phishing simulation tests, and

• RS37: Has failed at least one of the last 5 phishing tests

  • The user would have to click a phishing link in a phishing simulation test

Resolutions

• Assign additional trainings to reduce the percentage of incompletions or failures

Additional Considerations

• If RS36 or RS37 is present it will trigger the event, some compliance events take input from multiple risk signals

• For clients not associated with a warranty, the Cork Partner can request Cork to change the thresholds for:

  • Training lookback period (default is 6 months)

  • Incomplete training percentage (default is 33%)

  • Failed training percentage (default is 0%)