You are using an ad blocker that is interfering with our web typography and internal javascript. Please whitelist our domain to live in a more beautiful world. No ads here, just really great software!

Security Awareness Program

Nexthink allows you to enhance your company's security awareness with a user-centric approach built around employee risk assessment, risk education and real-time security improvements to avoid threats from occurring.

Screenshots

Content

Campaigns - 4
Dashboards - 3
Investigations - 5
Metrics - 48
Scores - 2

Required Modules

Nexthink Engage
Nexthink Enhance

Platforms

Windows

Compatibility

V6.17 and later
  • 1.0.0.0 - Initial release

Description

This pack uses Scores which must be configured by Nexthink Professional Services or by a certified Nexthink partner.

A comprehensive Security Awareness pack consisting of employee risk assessment, risk education and real-time security improvements to avoid threats from occurring.

Part of the Employee Security Awareness Solution by Nexthink.

The content pack is structured as follows:

Employee Security Risk module

For each employee across the organization, a risk score is calculated based on 4 basic risk scenarios:

  • users accessing to suspicious domains
  • users executing applications from USB
  • users running new / unknown applications
  • users generating high external traffic

Employees with high risk score are potential candidates to a specific security awareness campaign.

Note: risk scenarios must be adapted for each environment, ideally based on a risk assessment outcome.

Employee Security Awareness module

The first dashboard (Initial campaign) summarizes the results of a generic campaign that calculates an "awareness score" for each employee. Different security topics are covered, such as malwares, incident response, phishing or privileged accesses. It can be considered as a baseline to assess the knowledge across the company regarding information security.

The second dashboard (Single-questions campaign) presents the results of simple campaigns that are targeted to specific employees. For example, for users with a high-risk score due to multiple executions from USB mass-storage devices, a dedicated campaign related to the risks of such behaviors is published.

Note: again, this example has to be adapted to the real needs in term of information security education for each organization. Awareness campaigns must be developed in collaboration with internal security stakeholders.