Question: Read the text below and edit it to the perspective of Alice Bank Berhad, or how banks can implement and develop this training program?
Among the most serious threats to an organization's information security is frequently not a flaw in the technological control environment. Employees and other personnel, on the other hand, can cause security incidents by disclosing information that could be used in a social engineering attack, failing to report suspicious activity, accessing sensitive information unrelated to the user's role without following proper procedures, and so on. As a result, it is critical for businesses to have a security awareness program in place to ensure that workers understand the necessity of protecting sensitive data, what they should do to manage data securely, and the repercussions of mishandling data. An organization's success depends on employees' understanding of the organizational and personal consequences of mishandling sensitive information. Penalties against the company, reputational harm to the organization and its personnel, and job loss are all examples of possible outcomes. It is critical to put the possibility of organizational harm into context for employees, outlining how such damage might influence their personal positions (Security Awareness Program Special Interest Group, 2014).
To improve an organization's security posture, the organization should give periodic security awareness training to its employees. The security awareness training should include up-to-date knowledge and insights on current security occurrences. The need for strong passwords, detecting and reporting phishing attempts, and correctly handling personal information should all be stressed throughout training.
Frequent phishing tests should be included in security awareness training. Phishing tests enable users to learn from their mistakes and use their knowledge to detect real phishing attacks. These phishing tests should be tailored to specific divisions within an organization. Specially designed phishing tests are more difficult to spot, demonstrating the importance of security awareness training (SWOBODA, 2021).
Creating and sustaining a security awareness program.
Establish and Maintain a Security Awareness Program
Establish a security awareness program and keep it up to date. The goal of a security awareness program is to teach the company's employees how to interact safely with the company's assets and data. Conduct training at the time of employment and at least once a year. Review and update material at least once a year, or if there are substantial enterprise changes that might affect this Safeguard.
Train Workforce Members to Recognize Social Engineering Attacks
Protect is the security function associated with this safeguard. If this control is successful, every user will have access to frequent training to guarantee that they interact with data safely. Regular training will aid in reducing the likelihood of security problems.
Authentication Best Practices should be taught to all members of the workforce.
Authentication best practices will be taught to members of the workforce. MFA, password construction, and credential management are just a few examples. If this control is successful, a company will have users who use strong passwords and maintain their credentials properly.
The workforce should be educated on data handling best practices.
Train employees on how to recognize sensitive material and how to appropriately store, transmit, archive, and delete it. This involves educating employees on clear screen and clear desk best practices, such as locking their screens when they leave a corporate asset, wiping physical and virtual whiteboards at the conclusion of meetings, and securing data and assets. The correct management of sensitive data is ensured if this control is successful. Sensitive information should be kept safe and out of reach of unauthorized individuals.
Employees should be educated on the causes of unintentional data exposure.
Educate employees on the causes of unintended data exposure. Wrong handling of sensitive data, the loss of a portable end-user device, and the publication of data to unwanted audiences are just a few examples.
Users who succeed with this control gain knowledge of the causes of unintended data disclosure. Training reinforces knowledge while also keeping users on the lookout for possible problems.
Employees are educated on how to recognize and report security incidents.
Teach employees how to spot a possible issue and how to report it. Users will be trained to spot security incidents if this control is successful. This makes it possible to report security incidents in a timely manner.
Train employees on how to spot and report missing security updates on their company's assets.
Train employees on how to check for and report out-of-date software updates, as well as any errors in automated processes and tools. Notifying IT professionals of any problems in automated procedures and technologies should be part of this training. Users are always utilizing patched systems if this control is successful. Any systems that are out of date will be reported to IT for repair.
Inform employees about the risks of connecting to and transmitting enterprise data through insecure networks.
Educate employees on the risks of connecting to and transferring data through unsecured networks for business purposes. If the company employs remote workers, training should include instructions on how to safeguard their home network equipment. If this control is successful, users will be aware of the hazards of an unsecured network. Successful training equips users with the knowledge they need to protect their home network.
Conduct security awareness and skills training for specific roles.
Conduct security awareness and skills training for specific roles. Secure system administration courses for IT workers, vulnerability awareness and prevention training for web application developers, and sophisticated social engineering awareness training for high-profile jobs are just a few examples of implementations. Success with this control provides users with the necessary security awareness training for their roles.
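The phishing tests described in the question (tailored per division, with users learning from their mistakes) and the incident-reporting training later in the text both need a way to measure whether the program is working. The following is an added example, not part of the original question or of any bank's material: a Python scorecard over constructed phishing-simulation results that computes per-division click rate, report rate and median time-to-report, flags divisions for tailored training using assumed thresholds, and lists users who clicked in more than one campaign. All user ids, division names, timings and thresholds are hypothetical.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import median
from typing import Dict, List, Optional


@dataclass(frozen=True)
class SimulationEvent:
    """One employee's outcome in a simulated phishing campaign (constructed data)."""
    user: str
    division: str
    clicked: bool                  # followed the simulated malicious link
    reported: bool                 # forwarded the lure to the security mailbox
    report_minutes: Optional[int]  # minutes from delivery to report; None if never reported


# Constructed sample results for one campaign; ids and divisions are hypothetical.
SAMPLE_EVENTS: List[SimulationEvent] = [
    SimulationEvent("u001", "Retail Banking", clicked=True,  reported=False, report_minutes=None),
    SimulationEvent("u002", "Retail Banking", clicked=False, reported=True,  report_minutes=12),
    SimulationEvent("u003", "Retail Banking", clicked=True,  reported=True,  report_minutes=45),
    SimulationEvent("u004", "Retail Banking", clicked=False, reported=False, report_minutes=None),
    SimulationEvent("u005", "Treasury",       clicked=False, reported=True,  report_minutes=5),
    SimulationEvent("u006", "Treasury",       clicked=False, reported=True,  report_minutes=9),
    SimulationEvent("u007", "Treasury",       clicked=False, reported=False, report_minutes=None),
    SimulationEvent("u008", "IT Operations",  clicked=False, reported=True,  report_minutes=3),
    SimulationEvent("u009", "IT Operations",  clicked=True,  reported=True,  report_minutes=20),
    SimulationEvent("u010", "IT Operations",  clicked=False, reported=True,  report_minutes=8),
]

# Constructed follow-up campaign a quarter later (only the users who were re-tested).
SAMPLE_EVENTS_FOLLOW_UP: List[SimulationEvent] = [
    SimulationEvent("u001", "Retail Banking", clicked=True,  reported=False, report_minutes=None),
    SimulationEvent("u003", "Retail Banking", clicked=False, reported=True,  report_minutes=6),
    SimulationEvent("u004", "Retail Banking", clicked=True,  reported=False, report_minutes=None),
    SimulationEvent("u009", "IT Operations",  clicked=False, reported=True,  report_minutes=4),
]


def division_scorecard(events: List[SimulationEvent]) -> Dict[str, dict]:
    """Aggregate per-division click rate, report rate and median time-to-report."""
    grouped: Dict[str, List[SimulationEvent]] = defaultdict(list)
    for ev in events:
        grouped[ev.division].append(ev)
    scorecard = {}
    for division, evs in grouped.items():
        targets = len(evs)
        clicked = sum(ev.clicked for ev in evs)
        reported = sum(ev.reported for ev in evs)
        # Only successful reports contribute a time-to-report value.
        times = [ev.report_minutes for ev in evs if ev.reported and ev.report_minutes is not None]
        scorecard[division] = {
            "targets": targets,
            "clicked": clicked,
            "reported": reported,
            "click_rate": round(clicked / targets, 3),
            "report_rate": round(reported / targets, 3),
            "median_report_minutes": median(times) if times else None,
        }
    return scorecard


def divisions_needing_training(scorecard: Dict[str, dict],
                               max_click_rate: float = 0.10,
                               min_report_rate: float = 0.50) -> List[str]:
    """Divisions that clicked too often or reported too rarely; thresholds are assumptions."""
    return sorted(d for d, s in scorecard.items()
                  if s["click_rate"] > max_click_rate or s["report_rate"] < min_report_rate)


def repeat_clickers(campaigns: List[List[SimulationEvent]], min_clicks: int = 2) -> List[str]:
    """Users who clicked in at least min_clicks campaigns: candidates for one-to-one coaching."""
    counts: Dict[str, int] = defaultdict(int)
    for campaign in campaigns:
        for ev in campaign:
            if ev.clicked:
                counts[ev.user] += 1
    return sorted(u for u, c in counts.items() if c >= min_clicks)


def format_report(scorecard: Dict[str, dict], flagged: List[str]) -> str:
    """Plain-text table for the awareness team; flagged divisions are marked."""
    lines = ["division        | targets | click% | report% | median report (min)"]
    for division in sorted(scorecard):
        s = scorecard[division]
        mark = "  <- tailored training" if division in flagged else ""
        med = "-" if s["median_report_minutes"] is None else str(s["median_report_minutes"])
        lines.append(f"{division:<15} | {s['targets']:>7} | {s['click_rate']*100:>5.1f} "
                     f"| {s['report_rate']*100:>6.1f} | {med:>19}{mark}")
    return "\n".join(lines)


if __name__ == "__main__":
    sc = division_scorecard(SAMPLE_EVENTS)
    print(format_report(sc, divisions_needing_training(sc)))
    print("repeat clickers:", repeat_clickers([SAMPLE_EVENTS, SAMPLE_EVENTS_FOLLOW_UP]))
```

Report rate is tracked alongside click rate on purpose: a division that never clicks but also never reports gives the security team no early warning, so the reporting habit is the behaviour the training is meant to build.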