*4.2.2 Best practice trainings*

Training based on current best practices is hard to assess because best practices in cybersecurity mean different things to different people and organizations. Training based on best practices is really subjective. Typically in the USA, organizations follow NIST and the Open Web Application Security Project (OWASP) guidance [14, 29]; however, still no industry-wide standards exist for exactly what best practices entail.
