Security Awareness Training
The process of educating users about IT security risks and reinforcing the importance of compliance with security policies. Most employees will have a level of awareness about the risks posed by, for example, the opening of unknown email attachments, but awareness does not always translate into behaviour. The real value of IT security awareness training is that it pre-conditions users to make them more resilient against social engineering and more vigilant when handling data. Metrics can be used to measure behavioural change. Good IT security awareness training takes into account the skillset of the audience and organisational culture.