Security Awareness and Training Program Overview

This document is an info brief detailing Ciena's security awareness and training program. It outlines how the program aligns with recognized frameworks, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework and ISO 27001. The program is designed to equip employees with the skills to recognize and mitigate cyber threats, ensuring operational confidence. Training modules focus on adhering to internal security policies, preventing social engineering and phishing attacks, safeguarding data privacy, and learning incident reporting protocols. The training is delivered through various methods, including workshops and e-learning. Additionally, Ciena conducts simulated threat exercises to maintain readiness against real-world cyber risks. The document emphasizes the importance of transparency in security practices, providing metrics and briefings to stakeholders to foster a culture of security awareness. Ciena's commitment to continual improvement and adaptation to evolving threats is also highlighted, reinforcing the organization's resilience and trustworthiness.