Nexthink allows you to enhance your company's security awareness with a user-centric approach built around employee risk assessment, risk education and real-time security improvements to avoid threats from occurring.
- 18.104.22.168 - 04 Apr 2019 - Initial release
This pack uses Scores which must be configured by Nexthink Professional Services or by a certified Nexthink partner.
A comprehensive Security Awareness pack consisting of employee risk assessment, risk education and real-time security improvements to avoid threats from occurring.
Part of the Employee Security Awareness Solution by Nexthink.
The content pack is structured as follows:
Employee Security Risk module
For each employee across the organization, a risk score is calculated based on 4 basic risk scenarios:
- users accessing to suspicious domains
- users executing applications from USB
- users running new / unknown applications
- users generating high external traffic
Employees with high risk score are potential candidates to a specific security awareness campaign.
Note: risk scenarios must be adapted for each environment, ideally based on a risk assessment outcome.
Employee Security Awareness module
The first dashboard (Initial campaign) summarizes the results of a generic campaign that calculates an "awareness score" for each employee. Different security topics are covered, such as malwares, incident response, phishing or privileged accesses. It can be considered as a baseline to assess the knowledge across the company regarding information security.
The second dashboard (Single-questions campaign) presents the results of simple campaigns that are targeted to specific employees. For example, for users with a high-risk score due to multiple executions from USB mass-storage devices, a dedicated campaign related to the risks of such behaviors is published.
Note: again, this example has to be adapted to the real needs in term of information security education for each organization. Awareness campaigns must be developed in collaboration with internal security stakeholders.