📥 Trigger: Human Risk Information From USecure (or any other vendor)
Completed Training: ✅ No action needed.
Not Completed Training: ❌ Send automated reminders until completed.
1st Reminder after 1 month: Gentle nudge (email/slack notification).
2nd Reminder after 2 months: Escalation to Manager/Security Team.
3rd Reminder after 4 months: Mandatory completion notice (with potential access restrictions for non-compliance).
User Passed: ✅ No action required.
User Failed the Simulation (Clicked Link or Entered Credentials): ❌
🚨 Assign immediate phishing awareness training.
📩 Send user phishing best practices material.
🔄 Schedule follow-up phishing simulations to track improvement.
Indicators:
Credential exposure (e.g. Dark Web monitoring).
Email found in a known data breach.
✅ Response Actions:
🚨 Immediately notify IT administrator.
🔄 Suggest password reset for the user.
🔐 Enforce MFA (if not already enabled).
📩 Send best security practices materials to the user.
🎓 Enroll user in additional security training on account protection.
Risk Score Improving: ✅ No action needed.
Risk Score Not Improving: ❌
📢 Send reminders to users about completing training.