Security is a shared responsibility between organizations and individuals. Education programs should be tailored to different user roles to improve understanding of best practices and responsibilities. Effective training involves different methods depending on the level of insight, knowledge, or awareness needed, with education providing long-term understanding, training imparting intermediate skills, and awareness building short-term knowledge. Role-based and social engineering training help ensure the right training reaches the intended audiences.
Original Description:
CISSP Domain 1 - Security Awareness Trainings
Original Title
1.12 Establish and maintain a security awareness, education, and training program
Role-Based Awareness Training
• The right training for the right people

Education
• Executive users
• System Owner
• Data Owner

Training
• System admins
• Tech support

Awareness
• End users
• Contractors

Social Engineering Training

Social Engineering
Social engineering, in the context of information security, refers to the psychological manipulation of people into performing actions or divulging confidential information.

Employees must be trained on:
• How different social engineering attacks work
• The primary symptoms of a social engineering attack
• Recommended actions
• Regular testing / contingency exercises