End users pose the greatest risk to the cybersecurity of any organization. Cybersecurity systems must consider the risks posed by end users and provide a symmetrical response. ISSP offers a complex cyber awareness and cyber hygiene program that addresses behavior-based cybersecurity risks.

The first stages of our program identify risk areas of individual employees, departments and the entire organization, allowing you to manage cyber threats at the level of your whole company as well as at the level of individual employees. This approach makes it possible to effectively implement security policies and make informed investment decisions to address cyber threats.

A comprehensive cyber security awareness program consists of many components. Our core technical platform for training employees and assessing residual cyber risks is based on a project first implemented in 2015–2017 by the Estonian and Latvian ministries of defense and the European Defense Agency as a direct response to sophisticated, targeted cyber attacks. The CybExer Technical Platform offers access to an interactive tool consisting of a training module and two modules for testing user behavior in cyberspace.

5 Program Components:

  1. Cyber hygiene testing for all employees using the CybExer online platform.

  2. Interactive Cyber hygiene training program (3 levels).

  3. Phishing attack simulations to test learning results.

  4. Targeted training courses from experienced trainers for high-risk groups.

  5. Regular feedback and encouragement.

Cyber Awareness Program
  • The program targets managers, regular users, and specialists, addressing specific concerns and threats associated with each of these groups. 

  • Testing and learning are based on analysis of everyday computer and device usage. Participants need to react to situations and questions they’re presented with during the course. 

  • The test is not pass or fail. Instead, it seeks to identify specific risk areas in which participants may be affected. 

  • Participants are assessed against a systemic risk matrix that highlights the level of risk along each threat vector. 

  • Unrestricted access to the platform allows users to learn and test themselves regularly at any interval. 

  • The program is constantly updated to reflect relevant global, country-specific and industry-specific threats. 

  • The learning process is supported by our trainers, project managers, and technical support team. 

  • High-risk employees are identified based on their level of cyber hygiene. 

  • Professional trainers together with an organization’s CISO group employees by risk type. 

  • Trainers develop and conduct short but intensive training courses to address identified risks for different groups. 

  • Phishing emails are created and distributed to employees based on the results of their training and identified risk areas. 

  • The surprise effect and personal experience provided by these emails significantly improves understanding of threats and negative consequences for the company. 

  • Employees’ responses to the phishing attack simulation allow you to plan effective measures to deal with dangerous behavior: additional training, administrative penalties, etc. 

  • Periodic newsletters informing employees about recent cyberattacks, current threats and other cybersecurity developments. 

  • Distribution of articles, graphics and video materials to improve learning using associative memorization techniques. 

  • Printed materials and souvenirs serving as reminders of the need to comply with cyber hygiene rules.


Washington DC

1300 I Street NW

Suite 400E, Washington

District of Columbia, 20005

+1 202 749 8432



10/14 Radyscheva St., Kyiv

Ukraine, 03124

+380 44 594 8018



33b Ilia Chavchavadze ave, 0179, Tbilisi, 

+995 32 224 0366



1 Grabarska st., 50-079  Wrocław,


+48 71 747 8705


808V, 165B Shevchenko St, 050009, Almaty,


+7 727 341 0024



Suite 2600, Three Bentall Centre 
595 Burrard St., PO Box 49314 
Vancouver BC V7X 1L3 Canada
+1 289 968 4454

i n f o @ i s s p . c o m

© 2020 by ISSP - Information Systems Security Partners