The security awareness process details how the organization delivers information to its users on various aspects of information security to best equip them to protect company resources and information. The formal training programs that support the organization's continual training include support for formal education, industry-specific certification courses, organization-sponsored training, security conventions, and industry-sponsored events.
Security training assessment is an expert-led process and includes interviews with several departments, individuals within the workforce, and subject matter experts. This process also includes a review of organizational priorities, past security incidents, and the effectiveness of existing security training capabilities.
The human element is always the weakest link in any security system. All security systems can be defeated by a human acting in an authorized or unauthorized manner. Without appropriate security awareness training, an organization is highly susceptible to social engineering attacks. A successful attack could result in the unauthorized disclosure of user credentials, allowing a subsequent breach of company information. Security training is the best way to inoculate individuals against social engineering attacks.