Security awareness training
The purpose of security awareness training is to educate an organization's employees about general security practices and specific enterprise policies. In essence, the security department attempts to reduce security incidents in the environment by presenting basic security principles, in the hope that end users will not take actions that expose the enterprise to risk through data loss or downtime. The effectiveness of such training has continued to be scrutinized. However, it is a requirement for standards such as the PCI DSS and is, in general, a good practice.
For security awareness training to be effective, it must be tailored to the organization and to the various teams that will receive it. Not all individuals or teams will have the same knowledge of technology and security, so a one-size-fits-all approach will not have the intended effect on the security of the organization. There are components that are generic enough that they...