Security Training Services We Provide
We offer expert training tailored toward your organisation’s needs, which includes:
- Training on key cyber threats to businesses today including ransomware, email, social engineering & regulatory enforcement action
- Awareness training program management to comply with best practice and regulatory frameworks such as GDPR, ISO, NIST, PCI-DSS & others
- Training materials development such as PowerPoint decks, email templates, handouts & posters
- One to one training for new security officers & DPOs
- General training consultancy
An Irish-owned bio-pharma with an R&D presence in San Fran asked us to develop their cybersecurity awareness training for their ISMS program. They required training materials for on-boarders, classroom training for various groups and management/reporting of their CBT Awareness (LMS) system.
They also requested upskilling for an internal staff member to take over the mantle of training provider after the engagement.
With input from various stakeholders, we developed bespoke PowerPoint materials which covered ISO27k, GDPR & 21CFR Part 11 for all staff.
We delivered in-person training to targeted staff members based on role (Marketing & IT Admins, HR Trainers etc).
We also worked with HR to get a list of all FTEs, contractors and temp staff to be included in the CBT training and reported weekly on completion rates.
They achieved a 99.2% training compliance rate in Ireland and 98% in the US after a 4 1/2 month period.
We also trained an internal staff member on the process, who assumed the role fully for year 2.
IN 2021 80% OF SITE OWNERS SAID SECURITY WAS THEIR NUMBER 1 CONCERN
The HSE ransomware attack of 2021 was the largest but will certainly not be the last large data breach to hit an Irish organisation. Most breaches are caused by human error such as clicking on email links, social engineering attacks and mishandling of personal data. As a result, thousands of breaches are reported to data protection authorities each year while tens of thousands are not.
The HSE breach is assessed to have cost €50m so far in lost productivity, recovery efforts, investigative work, new technology and staffing arrangements. This number, as in most cases, can’t fully capture the loss of public confidence and the loss of control over where the stolen data is distributed.
With scenarios like this in mind, it’s ever more important for staff to be vigilant. This vigilance can be achieved through the development of a security culture which is training-centric and targeted, which is where we can help.
We can train your staff on persistent and emerging threats, regulatory requirements and your internal policies. We put in extra effort to match training to particular groups within organisations as risk profiles vary. We offer multimodal training for best results with a mix of customised slide decks with quizzes, CBT (LMS) platforms, handouts, email templates, posters and overall program management.
We can cover ISO27K, NIST, PCI-DSS, GDPR, FDA & HIPAA security and a few other speciality areas. We also provide continuous dashboard reporting on training progress to achieve maximum compliance.
Discuss your training options with our certified professional trainer by clicking on the contact us button below.
Process Checks Automation Development
Managing and tracking Technology BAU checks can be a challenge for organisations with large IT functions. These include daily security checks, operational & development tasks, server checks, file transfers etc.
Other periodic checks such as user reviews, firewall/ACL rule reviews and license/certificate renewals, which are often mandated by compliance standards like PCI-DSS, add another layer of complexity.
The reality on the ground is that many of these checks are not documented in any meaningful or historical manner which leaves gaps in compliance programs, increased risk and difficulties in proving CMMI progression.
We’ve built low tech, high impact solutions to meet this need in organisations by analysis of existing and missing checks, particularly compliance ones.
Sub areas like AppDev, IT Ops and Security have their own smart workbooks which capture and tally checks which feed into a larger departmental dashboard with compliance metrics.
To find out more, contact us using the button below.
Awareness training is required for any staff member, contractor or temp employee who accesses computer systems on your network. Vendors may also be required to take training when they have standing access to your systems or are part of an outsourcing arrangement.
Awareness training is a requirement for companies that follow a security framework like ISO 27001, PCI-DSS, GDPR, HIPAA, NIST and several others. If you’re holding personal data on even a thousand customers, it’s highly likely, if not certain, that your organisation is required to have annual and on-boarding awareness training for staff.
It’s also required if your company is seeking industry certifications like SOC2 and ISO from assessing bodies. Regulatory agencies will also expect to see a training program in place, particularly in instances where a data breach has occurred. Lack of an effective program will be an aggravating factor in assessing penalties and sanctions in many cases.
Each company we engage with has different needs and different stages in maturity of their security awareness program. We customise our training offerings around these needs and apply targeted training based on a risk based approach. For example, marketing personnel will have a different risk profile when it comes to GDPR than helpdesk support staff. Equally customer support staff will have a separate profile from executive staff. As a result, we build training that looks at these differences and applies training accordingly.
We cover key topics in security awareness including ransomware, phishing, data handling, GDPR requirements, remote working risks and data breach case history. We also look at existing in-house policies and incorporate them into training coverage.
We customise topic coverage for targeted audiences. For example, for a marketing audience we drill down on topics related to security risks in marketing campaigns and regulatory risk exposure for data protection authorities.
Hear from our Customers
“Paul [From Carlton Web Solutions] is a tenacious and knowledgeable mentor who has great expertise in his field of web technologies and security. It was a pleasure to work for him on projects and his ideas were always strong and futuristic. He is not only an inspiring coach but also a positive human being. I would highly recommend his services to anyone who wishes to use progressive and reliable services.” [Dec 2021]
“We have used Carlton Web Solutions for web development & security work over the past few weeks and their attention to detail is second to none! I would recommend them for all web development, security work and training” [Apr 2022]
I freely recommend Paul as an asset to any group. He demonstrated an appreciable work ethic with deep knowledge of his area of expertise. This was coupled with a complementary understanding of the interactions of his responsibilities with the rest of the organization. I am eager to enjoy the opportunity to work with him again.
Get in Touch