What is Security Awareness Training?
Security awareness training is a formal process for educating employees about computer security.
Employees are part of an organization’s attack surface and ensuring they have the know-how to defend themselves and the organization against threats is a critical part of a healthy security program. If an organization needs to comply with different government and industry regulations, such as FISMA, PCI, HIPAA, or Sarbanes-Oxley, it must provide security awareness training to employees to meet regulatory requirements.
Depending on the internal security resources and expertise available at an organization, it might make sense to bring in a third party to assist with security awareness training services. Regardless of whether outside assistance is leveraged, an organization’s leaders should understand what goes into building a security awareness training program, get involved, and offer feedback throughout the process.
A good security awareness program should educate employees about corporate policies and procedures for working with information technology (IT). Employees should receive information about who to contact if they discover a security threat and be taught that data is a valuable corporate asset. Regular training is particularly necessary for organizations with high turnover rates and those that rely heavily on contract or temporary staff.