Activities and objectives that increase security and motivate employees to make secure decisions that follow correct objectives for themselves and their organization. Threats awareness and mitigation is a very useful tool in such security education.
Focus on objectives
Focus on objectives that elevate security awareness and competence. Motivate employees to make security-minded decisions that are in line with business objectives designed to keep systems secure. Learn about threats and how to defeat them, decrease severity or limit their impact.
Direct behavioral conditioning
Direct behavioral conditioning (for example, anti-phishing projects; see Note 1) is another form of security education, as are security communication/marketing campaigns involving posters, competitions, and advertising-style messaging
Security-based decisions more natural
Training on how to make security-based decisions more natural. How to integrate security awareness as part of a daily routine.
Focuses on general users of IT, not security or IT professionals
Gartner defines the security awareness CBT as the delivery of a standardized set of interactive security education and/or security behavior management content to a trainee/user via an endpoint computing device (such as a laptop, desktop or tablet). Training content focuses on general users of IT, not security or IT professionals. Although customization of this content may be provided as a service, the essential element is a catalog of core training content.