SA, Security Awareness, is the knowledge and attitude of a user in an organisation about protecting the physical and particularly the informational assets of that organisation. Security Awareness has become one of the most important investments that a company can make.
Research suggests that human error is involved in more than 90% of security breaches. SAT - Security Awareness Training, is the strategy to educate users and therefore prevent and mitigate the loss of:
- Personally identifiable information.
- Intellectual property.
An effective Security Awareness Training programme addresses the cybersecurity errors that employees may make when using email or the Internet, and in the physical world such as tailgating or improper document disposal.
The following cycle must be considered when talking about Security Awareness Training:
- Evaluate the current Security Awareness status by assessing the level of the users.
- Develop a Security Awareness Training programme.
- Deploy this programme to employees.
- Measure the progress and revise the programme where necessary.
Regular training is vital because threat techniques are constantly evolving.