User does not meet security awareness requirements
Associated with
Inboxes
Underlying signals
Awareness User Untrained (RS36), Awareness High Risk user (RS37)
Reasonings
- Regular user, and
  - Any user that is present in a security awareness connection
- RS36: Has training results within the last 6 months, and
  - Users without training results are ignored, because “undertrained” is defined as failing or not completing assigned trainings
- RS36: Has failed to complete more than 33% of assigned trainings, or
  - Example: If a user has been assigned 6 trainings and has failed to complete more than 2, the event would be present
- RS36: Has completed and failed more than 0% of assigned trainings, or
  - Example: If a user has been assigned 6 trainings and has completed and failed at least one of them, the event would be present
- RS37: Has recent phishing simulation tests, and
- RS37: Has failed at least one of the phishing tests
  - The user would have to click a phishing link in a phishing simulation test
Resolutions
- Assign additional trainings to reduce the percentage of incompletions or failures
Additional Considerations
- The event is triggered if either RS36 or RS37 is present; some compliance events take input from multiple risk signals
- For clients not associated with a warranty, the Cork Partner can request Cork to change the thresholds for:
  - Training lookback period (default is 6 months)
  - Incomplete training percentage (default is 33%)
  - Failed training percentage (default is 0%)
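
The reasoning rules and default thresholds above, worked through as an added Python example (not Cork's own code). The record shapes, field names and the 183-day approximation of 6 months are assumptions, and every user is assumed to already be a regular user present in a security awareness connection, with phishing tests already limited to recent ones.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# Defaults stated on the page; the partner can ask to have them changed.
LOOKBACK_DAYS = 183        # "6 months", approximated in days (assumption)
MAX_INCOMPLETE_PCT = 33.0  # RS36 fires above this share of incomplete trainings
MAX_FAILED_PCT = 0.0       # RS36 fires above this share of failed trainings

@dataclass
class User:                # hypothetical record shape, not the product's schema
    name: str
    # (record date, status) pairs; status is "passed", "failed" or "incomplete"
    trainings: list = field(default_factory=list)
    # one bool per recent phishing simulation test; True = link clicked
    phish_clicks: list = field(default_factory=list)

def rs36_untrained(user, today):
    cutoff = today - timedelta(days=LOOKBACK_DAYS)
    recent = [status for day, status in user.trainings if day >= cutoff]
    if not recent:
        return False       # no training results in the window: user is ignored
    def pct(status):
        return 100.0 * recent.count(status) / len(recent)
    return pct("incomplete") > MAX_INCOMPLETE_PCT or pct("failed") > MAX_FAILED_PCT

def rs37_high_risk(user):
    return any(user.phish_clicks)   # failed at least one simulation

def evaluate(user, today):
    """Return the signals present; a non-empty list means the event is raised."""
    signals = []
    if rs36_untrained(user, today):
        signals.append("RS36")
    if rs37_high_risk(user):
        signals.append("RS37")
    return signals

# Constructed sample data.
TODAY = date(2025, 6, 30)
RECENT, OLD = TODAY - timedelta(days=30), TODAY - timedelta(days=400)
USERS = [
    User("alice", [(RECENT, "passed")] * 6, [False, False]),
    User("bob", [(RECENT, "passed")] * 3 + [(RECENT, "incomplete")] * 3),
    User("carol", [(RECENT, "passed")] * 5 + [(RECENT, "failed")]),
    User("dave", [], [False, True]),
    User("erin", [(OLD, "incomplete")] * 4),
]

if __name__ == "__main__":
    for u in USERS:
        print(u.name, evaluate(u, TODAY) or "compliant")
```

Erin shows the lookback rule: her only training records fall outside the window, so RS36 ignores her even though every one is incomplete.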