User Security - Awareness Training Completion
Description
The percentage of users who have completed security awareness training in the last 12 months. Up-to-date training equips employees with the latest knowledge to identify and mitigate cyber threats, which is critical for reducing organizational vulnerabilities and enhancing overall security posture.
How we measure it
Find all active users from Okta and join with KnowBe4 training completion records to determine which users have completed awareness training within the last 365 days. Users are considered compliant if they have a matching training completion record in the specified timeframe.
Meta Data
Attribute | Value |
---|---|
Metric id | us_awareness |
Category | User Security |
SLO | 80.00% - 90.00% |
Weight | 0.4 |
Type |
References
Framework | Ref | Domain | Control |
---|---|---|---|
ISO 27001:2022 | A.6.3 | 6 People controls | Information security awareness, education and training |
CIS 8.1 | 14.2 | Security Awareness and Skills Training | Train Workforce Members to Recognize Social Engineering Attacks |
CIS 8.1 | 14.3 | Security Awareness and Skills Training | Train Workforce Members on Authentication Best Practices |
CIS 8.1 | 14.4 | Security Awareness and Skills Training | Train Workforce on Data Handling Best Practices |
CIS 8.1 | 14.5 | Security Awareness and Skills Training | Train Workforce Members on Causes of Unintentional Data Exposure |
CIS 8.1 | 14.6 | Security Awareness and Skills Training | Train Workforce Members on Recognizing and Reporting Security Incidents |
CIS 8.1 | 14.7 | Security Awareness and Skills Training | Train Workforce on How to Identify and Report if Their Enterprise Assets are Missing Security Updates |
CIS 8.1 | 14.8 | Security Awareness and Skills Training | Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks |
NIST CSF v2.0 | PR.AT-01 | Awareness and Training (PR.AT) | PR.AT-01: Personnel are provided with awareness and training so that they possess the knowledge and skills to perform general tasks with cybersecurity risks in mind |
Code
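```sql
-- One row per active Okta user; compliance = 1 when the user has a KnowBe4
-- training completion dated within the last 365 days, otherwise 0.
-- DISTINCT keeps a user with several in-window completions to a single row.
SELECT DISTINCT
    users.profile.login AS resource,
    'user' AS resource_type,
    CASE
        WHEN training.user.email IS NOT NULL THEN 1
        ELSE 0
    END AS compliance,
    users.profile.login AS detail
FROM
    {{ ref('okta_users') }} AS users
LEFT JOIN
    {{ ref('knowbe4_enrollments') }} AS training
    ON
        users.profile.login = training.user.email
        -- Rows with no completion date yield NULL here and do not match.
        AND CURRENT_DATE - CAST(training.completion_date AS DATE) <= 365
WHERE
    users.status = 'ACTIVE';
```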
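The following is an added example, not part of the project's code: it runs the join described under "How we measure it" against constructed data in SQLite to show how the percentage is derived and why each user must be counted once. The flat column names, the sample users and the fixed `TODAY` date are assumptions made for the illustration.

```python
import sqlite3
from datetime import date, timedelta

TODAY = date(2025, 1, 15)  # fixed "current date" so the result is reproducible

# Constructed sample data. Flat columns stand in for the nested fields
# users.profile.login and training.user.email in the page's query.
USERS = [("alice@example.com", "ACTIVE"), ("bob@example.com", "ACTIVE"),
         ("carol@example.com", "ACTIVE"), ("dave@example.com", "ACTIVE"),
         ("erin@example.com", "SUSPENDED")]
# (email, days since completion); None = enrolled but never completed
ENROLLMENTS = [("alice@example.com", 30), ("alice@example.com", 200),
               ("bob@example.com", 400), ("carol@example.com", None),
               ("erin@example.com", 10)]

# Join logic from the page's query, without row de-duplication, for SQLite.
JOIN = """
SELECT u.login AS resource,
       CASE WHEN t.email IS NOT NULL THEN 1 ELSE 0 END AS compliance
FROM okta_users AS u
LEFT JOIN knowbe4_enrollments AS t
  ON u.login = t.email
 AND julianday(:today) - julianday(t.completion_date) <= 365
WHERE u.status = 'ACTIVE'
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE okta_users (login TEXT, status TEXT)")
    db.execute("CREATE TABLE knowbe4_enrollments (email TEXT, completion_date TEXT)")
    db.executemany("INSERT INTO okta_users VALUES (?, ?)", USERS)
    rows = [(e, None if d is None else (TODAY - timedelta(days=d)).isoformat())
            for e, d in ENROLLMENTS]
    db.executemany("INSERT INTO knowbe4_enrollments VALUES (?, ?)", rows)
    return db

def join_rows(db):
    """Rows as the join emits them: one per matching enrollment."""
    return db.execute(JOIN, {"today": TODAY.isoformat()}).fetchall()

def rate(rows):
    """Percentage of rows flagged compliant."""
    return round(100.0 * sum(c for _, c in rows) / len(rows), 2)

def completion_rate(db):
    """Metric over distinct users, so extra enrollments do not count twice."""
    return rate(sorted(set(join_rows(db))))
```

With this data the raw join returns five rows for four active users, because one user has two completions inside the window; the per-row rate is 40% while the per-user rate is 25%.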