Cyber Awareness
Overview
Cyber Awareness is a pillar that focuses on the awareness, understanding, and behavior of all stakeholders in an organization towards cyber threats. No matter how strong the security technology is, the human factor remains the last line of defense. People are the key to digital resilience and trust.
This pillar aims to build deep digital and cyber literacy, including understanding risks, basic security practices, and a shared responsibility mindset—that cybersecurity is the responsibility of everyone, not just the IT team.
Cyber Awareness ensures that every individual in the organization is able to recognize threats such as phishing, social engineering, and data breaches, and understands incident response procedures. With collective awareness, organizations can significantly reduce the risk of incidents, increase public trust, and support a proactive security culture.
Key Components
Digital & Cyber Literacy
Developing a basic understanding of digital technology, cyber threats, and good security practices (password hygiene, use of multi-factor authentication, etc.).
Awareness Training & Education
Regular training for employees, management, and partners to recognize threats such as phishing, ransomware, social engineering, and digital fraud.
Internal Campaigns & Communication
Internal campaigns, newsletters, posters, and regular communications that instill a culture of digital security in daily activities.
Role-based Awareness Programs
Role-based training (e.g., for executives, operational staff, or developers) so that each party understands their risks and responsibilities.
Incident Reporting Culture
Encouraging a culture of reporting incidents or suspicious activities without fear of blame, with clear communication channels.
Policy Familiarization & Best Practices
Ensuring all stakeholders understand the organization's cybersecurity policies, including policies on device, data, and access usage.
Third-Party & Supply Chain Awareness
Engaging business partners and vendors so that they understand the organization's security standards and policies, avoiding gaps introduced by third parties.
Continuous Improvement & Feedback
Collecting feedback from training participants and simulation results to continuously improve the quality of the awareness program.
Cyber Awareness Trustless Roadmap
Cyber Awareness Implementation Program
The Cyber Awareness Implementation Program (CAIP) is Baliola’s strategic program to build a culture of digital and cyber awareness across all levels of the organization. This program combines trustless documentation, an educational curriculum from Mandala Future Technology Academy, and a sustainable Assessment → Consulting → Deployment → Re-Assessment approach to ensure that every individual understands their role in maintaining cyber security.
Assessment – Measuring Awareness Levels
- Cyber Awareness Maturity Assessment: Evaluates an organization's level of cyber awareness based on the Trustless Awareness Matrix (0.0 – 3.0).
- Baseline Cyber Literacy Test: An initial test to measure digital literacy and the ability to recognize threats.
- Gap Analysis & Policy Review: Identifies gaps in employee understanding of internal policies, best practices, and security protocols.
- Awareness Risk Mapping: Determining high-risk areas that require more intensive awareness campaigns.
Consulting – Designing an Awareness Blueprint
- Cyber Awareness Roadmap: A 6–12 month training and campaign plan, role-based (executive, staff, developer, etc.).
- Content & Engagement Design: Development of communication materials (posters, videos, micro-learning, e-newsletters).
- Incident Reporting Framework: Design of a simple and easy-to-understand incident reporting mechanism.
- Mandala Future Technology Academy Collaboration: Design of digital and cyber literacy training modules relevant to global threat trends.
Deployment – Training & Awareness Campaigns
- Training & Workshops:
  - Basic Cyber Literacy Program – For all employees, focusing on basic security practices (MFA, password hygiene, phishing).
  - Advanced Cyber Awareness Program – For technical teams or staff who manage sensitive data.
  - Executive Awareness Program – For leaders, focusing on strategic risks and digital security policies.
- Internal Campaigns: Regular awareness campaigns (security tips via email, posters, mini-videos).
- Phishing Awareness Drill: A simulated phishing email exercise that tests threat awareness (coordinated with partners).
- Certificate & Badge System: Certification from Mandala Future Technology Academy as proof of employee competency.
Re-Assessment – Evaluation & Continuous Improvement
- Follow-up Cyber Literacy Test: Re-measuring awareness levels to see progress.
- Feedback & Program Adjustment: Evaluating the effectiveness of training materials and campaigns.
- Quarterly Awareness Review: An awareness evaluation report with recommendations for improvement.
- Continuous Collaboration with Mandala Academy: Updating training modules as threats evolve.