{"id":35524,"date":"2026-06-23T17:28:28","date_gmt":"2026-06-23T09:28:28","guid":{"rendered":"https:\/\/aiportek.com\/?p=35524"},"modified":"2026-06-23T17:32:07","modified_gmt":"2026-06-23T09:32:07","slug":"knowbe4-hongkong-ciso-risk-audit-solution","status":"publish","type":"post","link":"https:\/\/aiportek.com\/en\/knowbe4-hongkong-ciso-risk-audit-solution\/","title":{"rendered":"[Hongke Solutions] From Passive Defense to Proactive Prevention: Easily Handle Annual Risk Assessments and Security Audits with KnowBe4"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"35524\" class=\"elementor elementor-35524\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-303a47ec elementor-section-stretched elementor-section-full_width elementor-section-height-min-height elementor-section-content-middle elementor-section-height-default elementor-section-items-middle\" data-id=\"303a47ec\" data-element_type=\"section\" data-settings=\"{&quot;stretch_section&quot;:&quot;section-stretched&quot;,&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-27d5e225\" data-id=\"27d5e225\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-4e369ae3 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4e369ae3\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-6555484e\" data-id=\"6555484e\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-397ef20e elementor-widget elementor-widget-heading\" data-id=\"397ef20e\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Hongke's latest articles<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-4b5c0d9b elementor-absolute elementor-widget elementor-widget-heading\" data-id=\"4b5c0d9b\" data-element_type=\"widget\" data-settings=\"{&quot;_position&quot;:&quot;absolute&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">HongKe<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6d18033c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6d18033c\" data-element_type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1f96cecf\" data-id=\"1f96cecf\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d303089 elementor-widget elementor-widget-text-editor\" data-id=\"d303089\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-4b0e7b4e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4b0e7b4e\" data-element_type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-7a4b7cfc\" data-id=\"7a4b7cfc\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-79a3214 elementor-widget elementor-widget-heading\" data-id=\"79a3214\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">[Hongke Solutions] From Passive Defense to Proactive Prevention: Easily Handle Annual Risk Assessments and Security Audits with KnowBe4<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-226f412 elementor-widget elementor-widget-post-info\" data-id=\"226f412\" data-element_type=\"widget\" data-widget_type=\"post-info.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-inline-items elementor-icon-list-items elementor-post-info\">\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item elementor-repeater-item-2358f4d elementor-inline-item\" itemprop=\"author\">\n\t\t\t\t\t\t<a href=\"https:\/\/aiportek.com\/en\/author\/hongketechnology\/\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t\t<svg aria-hidden=\"true\" class=\"e-font-icon-svg e-far-user-circle\" viewbox=\"0 0 496 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M248 104c-53 0-96 43-96 96s43 96 96 96 96-43 96-96-43-96-96-96zm0 144c-26.5 0-48-21.5-48-48s21.5-48 48-48 48 21.5 48 48-21.5 48-48 48zm0-240C111 8 0 119 0 256s111 248 248 248 248-111 248-248S385 8 248 8zm0 448c-49.7 0-95.1-18.3-130.1-48.4 14.9-23 40.4-38.6 69.6-39.5 20.8 6.4 40.6 9.6 60.5 9.6s39.7-3.1 60.5-9.6c29.2 1 54.7 16.5 69.6 39.5-35 30.1-80.4 48.4-130.1 48.4zm162.7-84.1c-24.4-31.4-62.1-51.9-105.1-51.9-10.2 0-26 9.6-57.6 9.6-31.5 0-47.4-9.6-57.6-9.6-42.9 0-80.6 20.5-105.1 51.9C61.9 339.2 48 299.2 48 256c0-110.3 89.7-200 200-200s200 89.7 200 200c0 43.2-13.9 83.2-37.3 115.9z\"><\/path><\/svg>\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text elementor-post-info__item elementor-post-info__item--type-author\">\n\t\t\t\t\t\t\t\t\t\tHongKeTechnology\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t<\/li>\n\t\t\t\t<li class=\"elementor-icon-list-item elementor-repeater-item-a689c23 elementor-inline-item\" itemprop=\"datePublished\">\n\t\t\t\t\t\t<a href=\"https:\/\/aiportek.com\/en\/2026\/06\/23\/\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t\t<svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fas-calendar\" viewbox=\"0 0 448 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M12 192h424c6.6 0 12 5.4 12 12v260c0 26.5-21.5 48-48 48H48c-26.5 0-48-21.5-48-48V204c0-6.6 5.4-12 12-12zm436-44v-36c0-26.5-21.5-48-48-48h-48V12c0-6.6-5.4-12-12-12h-40c-6.6 0-12 5.4-12 12v52H160V12c0-6.6-5.4-12-12-12h-40c-6.6 0-12 5.4-12 12v52H48C21.5 64 0 85.5 0 112v36c0 6.6 5.4 12 12 12h424c6.6 0 12-5.4 12-12z\"><\/path><\/svg>\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text elementor-post-info__item elementor-post-info__item--type-date\">\n\t\t\t\t\t\t\t\t\t\t<time>June 23, 2026<\/time>\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t<\/li>\n\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c027dd7 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"c027dd7\" data-element_type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9aba933 elementor-widget elementor-widget-heading\" data-id=\"9aba933\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-small\">01. Introduction: Hong Kong\u2019s \u201cProtection of Critical Infrastructure (Computer Systems) Ordinance\u201d Is Coming Soon<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-853e9ed elementor-widget elementor-widget-image\" data-id=\"853e9ed\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"683\" src=\"https:\/\/aiportek.com\/wp-content\/uploads\/2026\/04\/\u91d1\u878d-1024x683.jpeg\" class=\"attachment-large size-large wp-image-34451\" alt=\"\" srcset=\"https:\/\/aiportek.com\/wp-content\/uploads\/2026\/04\/\u91d1\u878d-1024x683.jpeg 1024w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/04\/\u91d1\u878d-300x200.jpeg 300w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/04\/\u91d1\u878d-768x512.jpeg 768w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/04\/\u91d1\u878d-1536x1024.jpeg 1536w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/04\/\u91d1\u878d-2048x1366.jpeg 2048w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/04\/\u91d1\u878d-18x12.jpeg 18w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/04\/\u91d1\u878d-600x400.jpeg 600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d3381e7 elementor-widget elementor-widget-text-editor\" data-id=\"d3381e7\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div data-page-id=\"WGjMdultQoaytmxVP47cpp4pnMe\" data-lark-html-role=\"root\" data-docx-has-block-data=\"false\"><div class=\"ace-line ace-line old-record-id-BpHudUiVgoJVT4x8gUlcgx0Hnhd\">As 2026 begins, many CISOs and risk managers are facing the same headache: Sections 24 and 25 of the Critical Infrastructure (Computer Systems) Protection Ordinance require that computer system security assessments be conducted annually.<strong>Risk Assessment<\/strong>, have a safety check every two years<strong>Review<\/strong>...and a complete report must be submitted within the specified timeframe.<\/div><div class=\"ace-line ace-line old-record-id-Ap6zdw9Eno7BDOxRFKHcl1L2n5X\">\u00a0<\/div><div class=\"ace-line ace-line old-record-id-N0eEdOmyhoSgyhx3MBvclGeWnhN\">Sounds familiar, right? But in reality, these two requirements carry much more weight than you might think.<\/div><div class=\"ace-line ace-line old-record-id-N2NFd1Tsxo2NB1xmQPIcXVoXnyg\">Article 24 does not simply call for \u201cassessing whether there are any vulnerabilities\u201d; rather, it requires you to systematically identify, analyze, and document threats and risks, and to monitor them on an ongoing basis. Article 25 further requires you to arrange for<strong>Independent Auditor<\/strong>Verify whether your security management plan is actually in place and whether the controls are effective. In other words, you need to be able to demonstrate<strong>Evidence<\/strong>\u2014Not speculation, not \u201cI don\u2019t think the risk is that high,\u201d but solid, traceable, and verifiable data.<\/div><div class=\"ace-line ace-line old-record-id-VcYbdTN84o4g3TxtAVzcIJHOn5e\">\u00a0<\/div><div class=\"ace-line ace-line old-record-id-Ai1HdQ9gnojOMexNMwKcw4PLnJf\">Most companies follow this approach: scan for vulnerabilities, write a report, submit it to the regulatory authorities, and call it a day. But this \u201ccheck-the-box\u201d style of assessment has a fatal flaw\u2014<strong>It often overlooks the most difficult-to-quantify\u2014yet most deadly\u2014source of risk: employee behavior.<\/strong>The<\/div><div class=\"ace-line ace-line old-record-id-Sr3adKXUGoafU2x5WoochEa8ngb\">The statistics are stark: more than 80% of cybersecurity incidents involve human factors\u2014ranging from phishing emails and password reuse to the inadvertent sharing of sensitive data. Yet in many companies\u2019 annual risk assessments, this area is completely overlooked. You\u2019ll see \u201cTechnical Risk Rating: High,\u201d but you won\u2019t see \u201cEmployee Security Awareness Risk: Not Assessed.\u201d<\/div><div class=\"ace-line ace-line old-record-id-WHttdXxEiossZ2xPhgschCHpnwd\">That\u2019s why KnowBe4 is becoming a must-have for more and more companies on their journey toward compliance with Sections 24 and 25\u2014it helps you transform \u201chuman risk\u201d from an invisible, intangible black box into<strong>A system that is measurable, improvable, and auditable<\/strong>The<\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c0546d0 elementor-widget elementor-widget-heading\" data-id=\"c0546d0\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-small\">02. Core Value 1: Risk Assessment Becomes \u201cReal\u201d\u2014Quantify Human-Induced Risks; Stop Relying on Guesswork<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-764b767 elementor-widget elementor-widget-heading\" data-id=\"764b767\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-small\">Blind Spots in Traditional Assessment<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f92de54 elementor-widget elementor-widget-text-editor\" data-id=\"f92de54\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div data-page-id=\"WGjMdultQoaytmxVP47cpp4pnMe\" data-lark-html-role=\"root\" data-docx-has-block-data=\"false\"><div class=\"ace-line ace-line old-record-id-GtN5dAtPAowajFxMlm9cn9FrnNc\">Traditional risk assessments typically ask:<\/div><ul class=\"list-bullet1\"><li class=\"ace-line ace-line old-record-id-PcdMdtkwWodNivxEYGkcMBEfnKf\" data-list=\"bullet\"><div>Is there a firewall?<\/div><\/li><li class=\"ace-line ace-line old-record-id-By4ZdMw06oak61xOoaUcwtRinxe\" data-list=\"bullet\"><div>Has the system been patched?<\/div><\/li><li class=\"ace-line ace-line old-record-id-Tp6sdHUIaoffU5xK8IGcn10Gnoc\" data-list=\"bullet\"><div>Are backups performed regularly?<\/div><\/li><\/ul><div class=\"ace-line ace-line old-record-id-V6XWdQoXRoAUjlxstMEc9qxvn1d\">All of these are important, but they only address \u201ctechnical risks.\u201d They completely fail to address one critical question:<strong>How easily can your employees be deceived?<\/strong><\/div><div class=\"ace-line ace-line old-record-id-NxFsdXq9mokjZnxkOnjcOGQGngc\">According to industry research, this figure typically ranges from 20 to 40%\u2014meaning that roughly 1\/5 to 2\/5 of the people in your company will click on a phishing email. This is not a small number; it is a<strong>Significant Risk Gap<\/strong>The<\/div><div class=\"ace-line ace-line old-record-id-YUlVdoHsOo4QSQxYhs9czHvanMf\">But the problem is that traditional assessment methods simply can\u2019t accurately quantify this gap. If you ask employees, \u201cDo you think you can spot a phishing email?\u201d 99% of them will answer, \u201cSure, I\u2019m very careful.\u201d Then, when you actually send them a phishing email, half of them fall for it.<\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e2e2fd3 elementor-widget elementor-widget-heading\" data-id=\"e2e2fd3\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-small\">KnowBe4's Solution: Baseline Testing + Dynamic Scoring<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f19016d elementor-widget elementor-widget-text-editor\" data-id=\"f19016d\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div data-page-id=\"WGjMdultQoaytmxVP47cpp4pnMe\" data-lark-html-role=\"root\" data-docx-has-block-data=\"false\"><div class=\"ace-line ace-line old-record-id-Jx3xdxGy6ojthexydO5clrC2n1f\">KnowBe4 takes the most direct approach\u2014<strong>Practical Application<\/strong>\u2014To establish a baseline for assessing \u201chuman-induced risks\u201d:<\/div><div class=\"ace-line ace-line old-record-id-I5wpdAwqroqbdxxaEy8cwvwYngg\"><strong>1. Initial Phishing Security Test<\/strong><\/div><div class=\"ace-line ace-line old-record-id-TXzqdwfLwo6oH7xRSeGcow7znue\">Before the formal risk assessment under Section 24 begins, KnowBe4 will send a wave of carefully designed simulated phishing emails to all employees company-wide. These emails are not random; they are crafted based on social engineering tactics commonly used in your industry\u2014such as fake payment notifications, fake package delivery reminders, and fake requests for authorization from a boss.<\/div><div class=\"ace-line ace-line old-record-id-KqJpduFKyoI6X0x490oczKtdnFd\">\u00a0<\/div><div class=\"ace-line ace-line old-record-id-VmQ8d2YvSoOZokxFkcKcNJhEnnr\">Once the test is complete, you'll receive a clear report:<\/div><ul class=\"list-bullet1\"><li class=\"ace-line ace-line old-record-id-AUvUdlaknoiDdBx6iSZcox0Fn0d\" data-list=\"bullet\"><div><strong>Company-wide Vulnerability to Phishing Attacks<\/strong>(Phish-prone Percentage): For example, 28%<\/div><\/li><li class=\"ace-line ace-line old-record-id-SFkad98twoWfvcxeJyycsPvKnng\" data-list=\"bullet\"><div><strong>Risk Distribution by Department<\/strong>: HR Department 15%, Finance Department 35%, IT Department 8%<\/div><\/li><li class=\"ace-line ace-line old-record-id-QWqpdSGUjoUrpzxyQNsclyAznhW\" data-list=\"bullet\"><div><strong>Risk Distribution by Rank<\/strong>: General Employees 30%, Mid-level Managers 18%, Senior Executives 5%<\/div><\/li><\/ul><div class=\"ace-line ace-line old-record-id-LaoAdokTIovZhyxEFrncFFSQn4e\">This data corresponds to the \u201cProbability of Human-Caused Threats\u201d column in your risk assessment report.<strong>Firsthand evidence<\/strong>. And the key point is\u2014this is real behavioral data, not survey data, so it\u2019s far more persuasive.<\/div><div class=\"ace-line ace-line old-record-id-LVeudBxECoYbraxLSrNcxlbdntb\"><strong>2. Continuous Dynamic Risk Scoring<\/strong><\/div><div class=\"ace-line ace-line old-record-id-WccSd6dzXoRXyox8Y9BcMGAvnHd\">A single test does not constitute an assessment; only continuous monitoring constitutes management. KnowBe4\u2019s intelligent risk scoring engine dynamically calculates a risk score for each employee based on the following indicators:<\/div><div class=\"ace-line ace-line old-record-id-SytCd4fMbozILExyjVcc0hHXnQd\">\u00a0<\/div><ul class=\"list-bullet1\"><li class=\"ace-line ace-line old-record-id-M7XBdnCdloQRp6x8I95cfWSxnFf\" data-list=\"bullet\"><div>Did you click on the phishing email?<\/div><\/li><li class=\"ace-line ace-line old-record-id-ShSidowNao0rXzxLAXWcxlHtnpg\" data-list=\"bullet\"><div>Have you completed the safety training course?<\/div><\/li><li class=\"ace-line ace-line old-record-id-IxCUdYtmxoTtvBx5UGacgURwn6g\" data-list=\"bullet\"><div>Has there been any improvement in performance during testing?<\/div><\/li><li class=\"ace-line ace-line old-record-id-AImMdqJFIorAvOxodQKccHNfntO\" data-list=\"bullet\"><div>Should you proactively report suspicious emails?<\/div><\/li><\/ul><div class=\"ace-line ace-line old-record-id-XnAodo5CMoUJyrxEbpAclc3DnIh\">Based on these factors, the system generates a visual \u201cEmployee Risk Distribution Chart\u201d\u2014you can clearly see how many people have moved from \u201chigh risk\u201d to \u201cmedium risk\u201d and then to \u201clow risk.\u201d This is<strong>The best evidence of the trend toward risk reduction<\/strong>The<\/div><div class=\"ace-line ace-line old-record-id-AOhgdeaCtoO1B3xLK7IcJtCenEh\">For risk assessment reports, this means that you are not simply submitting a \u201csnapshot of last year\u2019s risks,\u201d but rather demonstrating \u201chow our risk management is continuously improving\u201d\u2014which is precisely the \u201ccontinuous monitoring\u201d required by Clause 24.<\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-302cdab elementor-widget elementor-widget-heading\" data-id=\"302cdab\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-small\">III. Core Value 2: Auditing with Confidence\u2014Proving Through Practical Testing That Controls Are Actually Working<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1860cbd elementor-widget elementor-widget-heading\" data-id=\"1860cbd\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-small\">What Will the Auditor Ask?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3c5c631 elementor-widget elementor-widget-text-editor\" data-id=\"3c5c631\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div data-page-id=\"WGjMdultQoaytmxVP47cpp4pnMe\" data-lark-html-role=\"root\" data-docx-has-block-data=\"false\"><div class=\"ace-line ace-line old-record-id-SJfhdj8wwoCvS8xQeYrcc0XDnDd\">The audit required by Article 25 of the CISO is not simply a \u201cchecklist.\u201d Third-party auditors will ask in-depth questions:<\/div><ul class=\"list-bullet1\"><li class=\"ace-line ace-line old-record-id-OmDKdsij5oDpEmxjomJczEGpnKf\" data-list=\"bullet\"><div>You said the employees received safety training, so how come...<strong>Proof<\/strong>\uff1f<\/div><\/li><li class=\"ace-line ace-line old-record-id-PvKJdzhNco5K2qxYaDuc9o97nEh\" data-list=\"bullet\"><div>You say there are risk control mechanisms in place\u2014are these controls actually working?<\/div><\/li><li class=\"ace-line ace-line old-record-id-Ax6qd6QVeobxwUxvkOOcHWMznDh\" data-list=\"bullet\"><div>Has the effectiveness of these controls been continuously verified over the past year?<\/div><\/li><\/ul><div class=\"ace-line ace-line old-record-id-HEyPd9oi8oijlJxGDyiczWgznKc\">Traditional companies usually respond, \u201cSure, we send out a PDF version of the *Employee Safety Manual* every year and have everyone sign to confirm receipt.\u201d<\/div><div class=\"ace-line ace-line old-record-id-RX2TdoAqSoDP3axkYofcf1eOnah\">Upon hearing this, the auditor frowned: \u201cSigning to confirm does not mean the employee actually understands the content, nor does it mean the employee has changed their behavior.\u201d<\/div><div class=\"ace-line ace-line old-record-id-PFf8d4Hefo1YG3xauRgcz2qsnEh\">This is the challenge of the review process\u2014you need to demonstrate not just \u201cwhat was done,\u201d but \u201cwhat the results were.\u201d<\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0868bb5 elementor-widget elementor-widget-heading\" data-id=\"0868bb5\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-small\">KnowBe4's Approach: Turning Testing into an Ongoing \"Control Verification\" Activity<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a6a2f91 elementor-widget elementor-widget-text-editor\" data-id=\"a6a2f91\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div data-page-id=\"WGjMdultQoaytmxVP47cpp4pnMe\" data-lark-html-role=\"root\" data-docx-has-block-data=\"false\"><div class=\"ace-line ace-line old-record-id-CzBqdMaFToI3o6xmqFQcqebnnmb\">In the eyes of auditors, what is KnowBe4\u2019s strongest selling point? It\u2019s not the number of training courses, but rather<strong>A comprehensive, historically verifiable, and continuously updated set of \u201cfield-tested records\u201d<\/strong>The<\/div><div class=\"ace-line ace-line old-record-id-DEE2dhBIRoPVCjxBmKucUXh2nqf\">\u00a0<\/div><div class=\"ace-line ace-line old-record-id-X55yd6a7WoEZfTxm0zdc10oYnN0\"><strong>1. Standardized social engineering testing = \u201ccontrol testing\u201d for audits<\/strong><\/div><div class=\"ace-line ace-line old-record-id-ZADUdqK1ao42YwxJd7Kc5jcZnvc\">Article 25 of the CISO requires that security audits must include \u201cverification of the effective operation of the security management plan.\u201d What does \u201ceffective operation\u201d mean? One of the most straightforward ways to assess this is through regular, realistic attack simulations.<\/div><div class=\"ace-line ace-line old-record-id-NSjjdnWa5oELLlxR86ycJGaLnEh\">\u00a0<\/div><div class=\"ace-line ace-line old-record-id-VatedSQdxo3rj5xNKklcgD90n9b\">KnowBe4\u2019s approach is simple: it sends employees a round of phishing simulations every week or month. These simulations cover:<\/div><div class=\"ace-line ace-line old-record-id-MR0NdHVxeo3tb8xqtWVcOaW8nKd\">\u00a0<\/div><ul class=\"list-bullet1\"><li class=\"ace-line ace-line old-record-id-DApxdxgqGoHVPxxFH1Yc8QfQnOh\" data-list=\"bullet\"><div>Common Banking &amp; Financial Scam Emails<\/div><\/li><li class=\"ace-line ace-line old-record-id-ZsHhd1PkvoJzTFxrJAacWjMTnfd\" data-list=\"bullet\"><div>Procurement Fraud Involving Fake Suppliers<\/div><\/li><li class=\"ace-line ace-line old-record-id-DZUmdKySLotAlnxwMeecR1Voneh\" data-list=\"bullet\"><div>Authorization Request from an Impostor Claiming to Be the CEO<\/div><\/li><li class=\"ace-line ace-line old-record-id-VtoVdyc8MoxbiixJOLmcjuBnnJf\" data-list=\"bullet\"><div>Fake Delivery \/ Shipping Confirmation Notifications<\/div><\/li><\/ul><div class=\"ace-line ace-line old-record-id-Ajo1dYxioo17EIxRWlJcBPQmnac\">Each round of testing is recorded, and auditors can view:<\/div><ul class=\"list-bullet1\"><li class=\"ace-line ace-line old-record-id-HluHdN78rofWnXx9vvHcSNErnAn\" data-list=\"bullet\"><div>Test Duration, Content, and Target Audience<\/div><\/li><li class=\"ace-line ace-line old-record-id-LJTOdXwFXoWAcxxH2SYciIojnyf\" data-list=\"bullet\"><div>How many people clicked on it, how many reported it, and how many fell for it and then underwent retraining?<\/div><\/li><li class=\"ace-line ace-line old-record-id-TIYZdbC7JoYqMGxdHRncRpm0nnf\" data-list=\"bullet\"><div>Has the click-through rate improved between the two tests?<\/div><\/li><\/ul><div class=\"ace-line ace-line old-record-id-Wu7ndnB4ZoKGU4xBrkTcHaygnYb\">This isn't just \"data\"; it's<strong>\"Real-Time Thermometer for Monitoring Effectiveness\"<\/strong>. Auditors will notice that it\u2019s not just about saying, \u201cWe have a safety awareness program,\u201d but rather demonstrating that \u201cWe conduct monthly practical tests of our employees\u2019 defensive capabilities and adjust our training strategies based on the results.\u201d These are two entirely different levels of persuasiveness.<\/div><div class=\"ace-line ace-line old-record-id-NZo2dv6OMoyBc7xnmDZcDWTtn8e\"><strong>2. Traceable Chain of Evidence<\/strong><\/div><div class=\"ace-line ace-line old-record-id-Pfb9dpo7zorB0CxiGg1cTm40nd0\">Article 25 of the CISO requires you to submit \u201cwritten records\u201d documenting how the audit was conducted. KnowBe4 can automatically generate audit-level reports that include:<\/div><div class=\"ace-line ace-line old-record-id-RE0UdOHSNoPlQixbfD7coR7pnlX\">\u00a0<\/div><ul class=\"list-bullet1\"><li class=\"ace-line ace-line old-record-id-MB3KdNIpsoXxz6xrUsIc5KW8n2f\" data-list=\"bullet\"><div><strong>Test Specifications<\/strong>: Specific parameters for each fishing test (send time, content, target audience, results data)<\/div><\/li><li class=\"ace-line ace-line old-record-id-Sb0tdJyTNoeMnaxPfgFc6t0vnMh\" data-list=\"bullet\"><div><strong>Risk Improvement Trend Chart<\/strong>: Use charts to illustrate the trend in improvements in employee safety awareness (typically a downward-sloping \u201cgood news\u201d curve)<\/div><\/li><li class=\"ace-line ace-line old-record-id-GEitdvAQiorgJJx1WIlcHmEHnfe\" data-list=\"bullet\"><div><strong>Department Benchmarking Table<\/strong>: Comparison of Risk Scores Across Departments<\/div><\/li><li class=\"ace-line ace-line old-record-id-Ir9hdW4fwoPwfQxqJdxcP9EMnah\" data-list=\"bullet\"><div><strong>Personal Learning Record<\/strong>: Who completed which training, passed which tests, and achieved how much improvement<\/div><\/li><\/ul><div class=\"ace-line ace-line old-record-id-AtTqdpAxMoDxT6xpcOVc4Wqunzb\">When auditors review this set of materials, they will think, \u201cThis company takes a very systematic approach to managing human-related risks; it\u2019s not just a reactive effort.\u201d<\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cb3c308 elementor-widget elementor-widget-heading\" data-id=\"cb3c308\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-small\">IV. Core Value 3: Simplified Reporting\u2014Export Regulatory-Grade Documents with a Single Click<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cadc517 elementor-widget elementor-widget-heading\" data-id=\"cadc517\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-small\">The Truth About the Cost of Time<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2bfa2f6 elementor-widget elementor-widget-text-editor\" data-id=\"2bfa2f6\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div data-page-id=\"WGjMdultQoaytmxVP47cpp4pnMe\" data-lark-html-role=\"root\" data-docx-has-block-data=\"false\"><div class=\"ace-line ace-line old-record-id-BzaKdYeAJo6oB9xYNVBciBwZnlg\">According to feedback from many companies, the most time-consuming part of annual risk assessments and biennial audits is often not the technical work of \u201cconducting the assessment,\u201d but rather<strong>\"Finding data, organizing data, and putting together reports\"<\/strong>administrative work. A compliance assessment report typically requires reviewing multiple departments and systems to piece together a complete picture, a process that often takes 4 to 8 weeks.<\/div><div class=\"ace-line ace-line old-record-id-Pif5dltZIocEW5xjEjpc2yPdn31\">KnowBe4 can reduce this time to just a few days.<\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e84dd41 elementor-widget elementor-widget-heading\" data-id=\"e84dd41\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-small\">KnowBe4's Built-in Reporting System<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7ab96ed elementor-widget elementor-widget-text-editor\" data-id=\"7ab96ed\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div data-page-id=\"WGjMdultQoaytmxVP47cpp4pnMe\" data-lark-html-role=\"root\" data-docx-has-block-data=\"false\"><div class=\"ace-line ace-line old-record-id-FjsJd9ioFoYpIExmBiEcCUF8nEf\">The platform includes over 60 built-in report templates, including:<\/div><div class=\"ace-line ace-line old-record-id-TYl6dn5wyo8E51xpNAjc2ncFnrb\">\u00a0<\/div><ul class=\"list-bullet1\"><li class=\"ace-line ace-line old-record-id-Tye7dR821orHo8xYTBScAvULnFb\" data-list=\"bullet\"><div><strong>Management Dashboard<\/strong>: The CEO and the Risk Committee can see at a glance the company\u2019s overall security posture, key risk metrics, and improvement trends<\/div><\/li><li class=\"ace-line ace-line old-record-id-UFTcd3UVvo9QpfxvAtQcETWEnkc\" data-list=\"bullet\"><div><strong>Detailed Risk Assessment Report<\/strong>: May be submitted directly as the \u201cHuman-Induced Risks\u201d section of the report under Article 24<\/div><\/li><li class=\"ace-line ace-line old-record-id-AcXOdZmK2o1shQx21F3cwy0QnZf\" data-list=\"bullet\"><div><strong>Audit Readiness Report<\/strong>: By organizing your operations according to standards such as ISO 27001 and NIST, third-party auditors will immediately see which requirements you meet.<\/div><\/li><li class=\"ace-line ace-line old-record-id-KpJIdaCPuoiJZ4xqEw6cbHxbnld\" data-list=\"bullet\"><div><strong>Department\/Functional Analysis Report<\/strong>: Help managers from different departments understand where their departments' security vulnerabilities lie<\/div><\/li><\/ul><div class=\"ace-line ace-line old-record-id-RFiOdwebSog7RTxBDJFcsdM7nxe\">All reports are available<strong>Export to PDF or Excel with a single click<\/strong>...which you can embed directly into your evaluation document, eliminating the need for manual conversion.<\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f2816e8 elementor-widget elementor-widget-heading\" data-id=\"f2816e8\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-small\">The Legal Shield of \u201cHaving Done Everything Reasonably Possible\u201d<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-79e4919 elementor-widget elementor-widget-text-editor\" data-id=\"79e4919\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div data-page-id=\"WGjMdultQoaytmxVP47cpp4pnMe\" data-lark-html-role=\"root\" data-docx-has-block-data=\"false\"><div class=\"ace-line ace-line old-record-id-JdLxdgHMhoJiUKxgUhUcnrATnDR\">Article 66 of the CISO mentions the concept of \u201cdue diligence,\u201d which means that even if you do suffer a cyberattack, your liability will be significantly reduced as long as you can prove that you did everything in your power to defend against it.<\/div><div class=\"ace-line ace-line old-record-id-VXh5dLPfMovg12xeMtWckMdqnIf\">\u00a0<\/div><div class=\"ace-line ace-line old-record-id-VykwdfbMroUO7axuaRYcseSxngJ\">This documentation system developed by KnowBe4 is your best legal defense to demonstrate that you have \u201cexercised due diligence.\u201d Because you can prove that:<\/div><ul class=\"list-bullet1\"><li class=\"ace-line ace-line old-record-id-Aaead46ero6GeZx0sTwcPHQxnud\" data-list=\"bullet\"><div>We regularly assess human-related risks<\/div><\/li><li class=\"ace-line ace-line old-record-id-LHYSdSzYnofjFaxoZx5cikqpnbc\" data-list=\"bullet\"><div>We continue to conduct social engineering tests<\/div><\/li><li class=\"ace-line ace-line old-record-id-SOoOd0xcJoQEdgx8n9Lcu7J5n6c\" data-list=\"bullet\"><div>We continuously optimize our training based on the test results.<\/div><\/li><li class=\"ace-line ace-line old-record-id-T2aEdR3ROotxjcxNXrrczvsQncg\" data-list=\"bullet\"><div>We have a comprehensive record of improvements<\/div><\/li><\/ul><div class=\"ace-line ace-line old-record-id-YQy1dA8m7osQnMx1btkcGT21nMf\">This body of evidence can help you significantly reduce your liability in a subsequent review or even in legal proceedings.<\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7e02f24 elementor-widget elementor-widget-heading\" data-id=\"7e02f24\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-small\">Action Checklist: Three Steps to Start Today<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9d15547 elementor-widget elementor-widget-text-editor\" data-id=\"9d15547\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div data-page-id=\"WGjMdultQoaytmxVP47cpp4pnMe\" data-lark-html-role=\"root\" data-docx-has-block-data=\"false\"><div class=\"ace-line ace-line old-record-id-D1YodHYYjoZzZGx7QEoc6W9Knke\">If you\u2019re a risk or technology manager who\u2019s swamped with annual assessments and upcoming audits, consider these three steps:<\/div><div class=\"ace-line ace-line old-record-id-Z3qPdehE0oKUDIxKyr0cjlT9nad\"><strong>Step 1: Baseline Assessment (to be completed this month)<\/strong> Schedule a free KnowBe4 demo to conduct a company-wide phishing baseline test. Spend just 30 minutes on deployment to get a clear snapshot of your organization\u2019s human risk profile.<\/div><div class=\"ace-line ace-line old-record-id-O8XbdIoX9oqBODxqLWTcFEbHn5c\"><strong>Step 2: Restructuring of the Assessment Report (to begin next month)<\/strong> Incorporate the baseline data into your annual risk assessment report, particularly in the \u201cThreat Identification\u201d and \u201cEffectiveness of Existing Controls\u201d sections.<\/div><div class=\"ace-line ace-line old-record-id-EuvOdfgZLo9Fnwxft8LchVPSnCc\"><strong>Step 3: Ready for Review (Ongoing)<\/strong> Establish a monthly phishing test and training program so that when third-party auditors review it, they see a<strong>A dynamic, continuously validated security management plan<\/strong>, rather than a static, outdated document.<\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3e52f5e elementor-widget elementor-widget-heading\" data-id=\"3e52f5e\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-small\">IV. CONCLUSION<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-aab81e6 elementor-widget elementor-widget-text-editor\" data-id=\"aab81e6\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div data-page-id=\"WGjMdultQoaytmxVP47cpp4pnMe\" data-lark-html-role=\"root\" data-docx-has-block-data=\"false\"><div class=\"ace-line ace-line old-record-id-Zgjod4i2ToTpwwxJ7gncbFlbnRh\">Articles 24 and 25 of the CISO are not intended to increase your workload, but rather to urge you to:<strong>Shifting Safety Management from a \u201cReactive\u201d to a \u201cSystematic\u201d Approach<\/strong>The<\/div><div class=\"ace-line ace-line old-record-id-IL3odE8tbo36YzxZIAHcaLWencg\">\u00a0<\/div><div class=\"ace-line ace-line old-record-id-ETH8d6kNIoGgSfxIy4bcFA8Nn6f\">What is KnowBe4\u2019s core contribution? It\u2019s helping you establish a repeatable, verifiable, and improvable management system for the \u201chuman risk\u201d dimension\u2014the one that\u2019s most easily overlooked. That way, when regulators or auditors ask, \u201cHow do you ensure your employees won\u2019t become your biggest weakness?\u201d you\u2019ll have data, stories, and trend charts to back up your answer\u2014rather than just saying, \u201cWe take this very seriously.\u201d<\/div><div class=\"ace-line ace-line old-record-id-GOt4d0E5Fo6NpaxGghMcXd1Dn3g\">\ud83d\udc49 <strong>Take Action Now<\/strong>: Schedule a KnowBe4 assessment demo to complete a company-wide phishing baseline test in 30 minutes. Identify your human risk areas today and allow ample time for improvement ahead of next year\u2019s assessments and audits.<\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-548c287 elementor-widget elementor-widget-image\" data-id=\"548c287\" data-element_type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"1024\" height=\"544\" src=\"https:\/\/aiportek.com\/wp-content\/uploads\/2026\/05\/72bc546a-0851-480a-a589-1f4ed5a5bc0b-1024x544-1.png\" class=\"attachment-large size-large wp-image-34919\" alt=\"\" srcset=\"https:\/\/aiportek.com\/wp-content\/uploads\/2026\/05\/72bc546a-0851-480a-a589-1f4ed5a5bc0b-1024x544-1.png 1024w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/05\/72bc546a-0851-480a-a589-1f4ed5a5bc0b-1024x544-1-300x159.png 300w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/05\/72bc546a-0851-480a-a589-1f4ed5a5bc0b-1024x544-1-768x408.png 768w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/05\/72bc546a-0851-480a-a589-1f4ed5a5bc0b-1024x544-1-18x10.png 18w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/05\/72bc546a-0851-480a-a589-1f4ed5a5bc0b-1024x544-1-600x319.png 600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-45ed7c8 elementor-widget elementor-widget-button\" data-id=\"45ed7c8\" data-element_type=\"widget\" data-widget_type=\"button.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-button-wrapper\">\n\t\t\t\t\t<a class=\"elementor-button elementor-button-link elementor-size-sm\" href=\"https:\/\/aiportek.com\/knowbe4\/\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\"><font><font>Go to<\/font><span style=\"background-color: transparent;letter-spacing: 0px\">KnowBe4<\/span><font>Product Page<\/font><\/font><font><\/font><font><\/font><\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t<div class=\"elementor-element elementor-element-cfcf4de e-flex e-con-boxed e-con e-parent\" data-id=\"cfcf4de\" data-element_type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-dbc1b58 elementor-widget elementor-widget-heading\" data-id=\"dbc1b58\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-xl\">Other Articles<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-74adc8f elementor-posts--align-left elementor-grid-3 elementor-grid-tablet-2 elementor-grid-mobile-1 elementor-posts--thumbnail-top elementor-card-shadow-yes elementor-posts__hover-gradient elementor-widget elementor-widget-posts\" data-id=\"74adc8f\" data-element_type=\"widget\" data-settings=\"{&quot;cards_row_gap&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:100,&quot;sizes&quot;:[]},&quot;cards_columns&quot;:&quot;3&quot;,&quot;cards_columns_tablet&quot;:&quot;2&quot;,&quot;cards_columns_mobile&quot;:&quot;1&quot;,&quot;cards_row_gap_tablet&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;cards_row_gap_mobile&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]}}\" data-widget_type=\"posts.cards\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-posts-container elementor-posts elementor-posts--skin-cards elementor-grid\" role=\"list\">\n\t\t\t\t<article class=\"elementor-post elementor-grid-item post-35711 post type-post status-publish format-standard has-post-thumbnail hentry category-18 tag-decisions tag-36\" role=\"listitem\">\n\t\t\t<div class=\"elementor-post__card\">\n\t\t\t\t<a class=\"elementor-post__thumbnail__link\" href=\"https:\/\/aiportek.com\/en\/decisions-rule-business-low-code-decision-engine\/\" tabindex=\"-1\" target=\"_blank\"><div class=\"elementor-post__thumbnail\"><img decoding=\"async\" width=\"984\" height=\"438\" src=\"https:\/\/aiportek.com\/wp-content\/uploads\/2026\/05\/10002.webp\" class=\"attachment-full size-full wp-image-34596\" alt=\"\" srcset=\"https:\/\/aiportek.com\/wp-content\/uploads\/2026\/05\/10002.webp 984w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/05\/10002-300x134.webp 300w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/05\/10002-768x342.webp 768w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/05\/10002-18x8.webp 18w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/05\/10002-600x267.webp 600w\" sizes=\"(max-width: 984px) 100vw, 984px\" \/><\/div><\/a>\n\t\t\t\t<div class=\"elementor-post__badge\">Hongke Case<\/div>\n\t\t\t\t<div class=\"elementor-post__text\">\n\t\t\t\t<h3 class=\"elementor-post__title\">\n\t\t\t<a href=\"https:\/\/aiportek.com\/en\/decisions-rule-business-low-code-decision-engine\/\" target=\"&quot;_blank&quot;\">\n\t\t\t\t[Hongke Solutions] Why Rule-Intensive Businesses Are Better Suited for Low-Code: Making Decision Logic \u201cConfigurable\u201d Instead of \u201cHard-Coded\u201d\t\t\t<\/a>\n\t\t<\/h3>\n\t\t\t\t<div class=\"elementor-post__excerpt\">\n\t\t\t<p>Many rule-intensive enterprises often face challenges during digital transformation, such as business rules being tightly coupled with underlying code, cumbersome tuning processes, and difficulties in unifying logic across systems. Low-code solutions can transform decision logic into visual configurations, shortening rule iteration cycles and clarifying the division of responsibilities between business and IT. The Decisions platform integrates a low-code environment with a rules engine to independently build a shared decision-making layer. It supports drag-and-drop rule management and cross-system integration and invocation, balancing operational flexibility with IT governance and regulatory requirements.<\/p>\n\t\t<\/div>\n\t\t\n\t\t<a class=\"elementor-post__read-more\" href=\"https:\/\/aiportek.com\/en\/decisions-rule-business-low-code-decision-engine\/\" aria-label=\"Read more about [Hongke Solutions] Why Rule-Intensive Businesses Are Better Suited for Low-Code: Making Decision Logic \u201cConfigurable\u201d Instead of \u201cHard-Coded\u201d\" tabindex=\"-1\" target=\"_blank\">\n\t\t\tRead more\t\t<\/a>\n\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-post__meta-data\">\n\t\t\t\t\t<span class=\"elementor-post-author\">\n\t\t\tHongKeTechnology\t\t<\/span>\n\t\t\t\t<span class=\"elementor-post-date\">\n\t\t\tJune 23, 2026\t\t<\/span>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/article>\n\t\t\t\t<article class=\"elementor-post elementor-grid-item post-35524 post type-post status-publish format-standard has-post-thumbnail hentry category-18 tag-knowbe4 tag-36\" role=\"listitem\">\n\t\t\t<div class=\"elementor-post__card\">\n\t\t\t\t<a class=\"elementor-post__thumbnail__link\" href=\"https:\/\/aiportek.com\/en\/knowbe4-hongkong-ciso-risk-audit-solution\/\" tabindex=\"-1\" target=\"_blank\"><div class=\"elementor-post__thumbnail\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"544\" src=\"https:\/\/aiportek.com\/wp-content\/uploads\/2026\/05\/72bc546a-0851-480a-a589-1f4ed5a5bc0b-1024x544-1.png\" class=\"attachment-full size-full wp-image-34919\" alt=\"\" srcset=\"https:\/\/aiportek.com\/wp-content\/uploads\/2026\/05\/72bc546a-0851-480a-a589-1f4ed5a5bc0b-1024x544-1.png 1024w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/05\/72bc546a-0851-480a-a589-1f4ed5a5bc0b-1024x544-1-300x159.png 300w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/05\/72bc546a-0851-480a-a589-1f4ed5a5bc0b-1024x544-1-768x408.png 768w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/05\/72bc546a-0851-480a-a589-1f4ed5a5bc0b-1024x544-1-18x10.png 18w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/05\/72bc546a-0851-480a-a589-1f4ed5a5bc0b-1024x544-1-600x319.png 600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/div><\/a>\n\t\t\t\t<div class=\"elementor-post__badge\">Hongke Case<\/div>\n\t\t\t\t<div class=\"elementor-post__text\">\n\t\t\t\t<h3 class=\"elementor-post__title\">\n\t\t\t<a href=\"https:\/\/aiportek.com\/en\/knowbe4-hongkong-ciso-risk-audit-solution\/\" target=\"&quot;_blank&quot;\">\n\t\t\t\t[Hongke Solutions] From Passive Defense to Proactive Prevention: Easily Handle Annual Risk Assessments and Security Audits with KnowBe4\t\t\t<\/a>\n\t\t<\/h3>\n\t\t\t\t<div class=\"elementor-post__excerpt\">\n\t\t\t<p>Hong Kong\u2019s \u201cProtection of Critical Infrastructure (Computer Systems) Ordinance\u201d requires companies to conduct annual cybersecurity risk assessments and complete independent audits every two years. However, most companies focus solely on technical vulnerabilities while overlooking human-related risks, which account for 80 percent of cybersecurity incidents. KnowBe4 quantifies employee risk through simulated phishing tests, establishes a dynamic risk scoring mechanism, comprehensively retains data on testing, training, and improvements, and enables one-click export of regulatory-grade reports, helping enterprises implement continuous risk management and easily navigate annual assessments and security audits.<\/p>\n\t\t<\/div>\n\t\t\n\t\t<a class=\"elementor-post__read-more\" href=\"https:\/\/aiportek.com\/en\/knowbe4-hongkong-ciso-risk-audit-solution\/\" aria-label=\"Read more about \u3010Hongke Solutions\u3011From Passive Defense to Proactive Prevention: Easily Handle Annual Risk Assessments and Security Audits with KnowBe4\" tabindex=\"-1\" target=\"_blank\">\n\t\t\tRead more\t\t<\/a>\n\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-post__meta-data\">\n\t\t\t\t\t<span class=\"elementor-post-author\">\n\t\t\tHongKeTechnology\t\t<\/span>\n\t\t\t\t<span class=\"elementor-post-date\">\n\t\t\tJune 23, 2026\t\t<\/span>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/article>\n\t\t\t\t<article class=\"elementor-post elementor-grid-item post-35569 post type-post status-publish format-standard has-post-thumbnail hentry category-18 tag-scada tag-52\" role=\"listitem\">\n\t\t\t<div class=\"elementor-post__card\">\n\t\t\t\t<a class=\"elementor-post__thumbnail__link\" href=\"https:\/\/aiportek.com\/en\/hongke-scada-system-rest-web-service-iiot\/\" tabindex=\"-1\" target=\"_blank\"><div class=\"elementor-post__thumbnail\"><img loading=\"lazy\" decoding=\"async\" width=\"1080\" height=\"710\" src=\"https:\/\/aiportek.com\/wp-content\/uploads\/2026\/06\/640-2.webp\" class=\"attachment-full size-full wp-image-35572\" alt=\"\" srcset=\"https:\/\/aiportek.com\/wp-content\/uploads\/2026\/06\/640-2.webp 1080w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/06\/640-2-300x197.webp 300w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/06\/640-2-1024x673.webp 1024w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/06\/640-2-768x505.webp 768w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/06\/640-2-18x12.webp 18w, https:\/\/aiportek.com\/wp-content\/uploads\/2026\/06\/640-2-600x394.webp 600w\" sizes=\"(max-width: 1080px) 100vw, 1080px\" \/><\/div><\/a>\n\t\t\t\t<div class=\"elementor-post__badge\">Hongke Case<\/div>\n\t\t\t\t<div class=\"elementor-post__text\">\n\t\t\t\t<h3 class=\"elementor-post__title\">\n\t\t\t<a href=\"https:\/\/aiportek.com\/en\/hongke-scada-system-rest-web-service-iiot\/\" target=\"&quot;_blank&quot;\">\n\t\t\t\t[Hongke Case Study] Hongke Panorama SCADA System: Enabling Industrial Automation and IT\/OT Convergence Through REST Web Services\t\t\t<\/a>\n\t\t<\/h3>\n\t\t\t\t<div class=\"elementor-post__excerpt\">\n\t\t\t<p>Learn more about how Hongke Panorama Suite uses standard REST Web Services (REST APIs) to enable bidirectional data exchange, break down data silos on the industrial floor, and seamlessly connect SCADA systems with real-world weather, energy, and telemetry big data\u2014thereby comprehensively accelerating the deep integration of enterprise IT and OT.<\/p>\n\t\t<\/div>\n\t\t\n\t\t<a class=\"elementor-post__read-more\" href=\"https:\/\/aiportek.com\/en\/hongke-scada-system-rest-web-service-iiot\/\" aria-label=\"Read more about [Hongke Case Study] Hongke Panorama SCADA System: Achieving Industrial Automation and IT\/OT Convergence Using REST Web Services\" tabindex=\"-1\" target=\"_blank\">\n\t\t\tRead more\t\t<\/a>\n\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-post__meta-data\">\n\t\t\t\t\t<span class=\"elementor-post-author\">\n\t\t\tHongKeTechnology\t\t<\/span>\n\t\t\t\t<span class=\"elementor-post-date\">\n\t\t\tJune 23, 2026\t\t<\/span>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/article>\n\t\t\t\t<\/div>\n\t\t\n\t\t\t\t<div class=\"e-load-more-anchor\" data-page=\"1\" data-max-page=\"37\" data-next-page=\"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/posts\/35524\/page\/2\/\"><\/div>\n\t\t\t\t<nav class=\"elementor-pagination\" aria-label=\"Pagination\">\n\t\t\t<span class=\"page-numbers prev\">\"<\/span>\n<span aria-current=\"page\" class=\"page-numbers current\"><span class=\"elementor-screen-only\">Page<\/span>1<\/span>\n<a class=\"page-numbers\" href=\"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/posts\/35524\/page\/2\/\"><span class=\"elementor-screen-only\">Page<\/span>2<\/a>\n<a class=\"page-numbers\" href=\"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/posts\/35524\/page\/3\/\"><span class=\"elementor-screen-only\">Page<\/span>3<\/a>\n<span class=\"page-numbers dots\">...<\/span>\n<a class=\"page-numbers\" href=\"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/posts\/35524\/page\/5\/\"><span class=\"elementor-screen-only\">Page<\/span>5<\/a>\n<a class=\"page-numbers next\" href=\"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/posts\/35524\/page\/2\/\">\"<\/a>\t\t<\/nav>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Hong Kong\u2019s \u201cProtection of Critical Infrastructure (Computer Systems) Ordinance\u201d requires companies to conduct annual cybersecurity risk assessments and complete independent audits every two years. However, most companies focus solely on technical vulnerabilities while overlooking human-related risks, which account for 80 percent of cybersecurity incidents. KnowBe4 quantifies employee risk through simulated phishing tests, establishes a dynamic risk scoring mechanism, comprehensively retains data on testing, training, and improvements, and enables one-click export of regulatory-grade reports, helping enterprises implement continuous risk management and easily navigate annual assessments and security audits.<\/p>","protected":false},"author":1,"featured_media":34919,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[18],"tags":[50,36],"class_list":["post-35524","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-18","tag-knowbe4","tag-36"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/posts\/35524","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/comments?post=35524"}],"version-history":[{"count":11,"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/posts\/35524\/revisions"}],"predecessor-version":[{"id":35706,"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/posts\/35524\/revisions\/35706"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/media\/34919"}],"wp:attachment":[{"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/media?parent=35524"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/categories?post=35524"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aiportek.com\/en\/wp-json\/wp\/v2\/tags?post=35524"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}