If you're working in security, you're most likely going to be spreading the awareness and do the training. You need to plan and implement it when you know how it is done
Dependant upon if you’re in a big company or a small one, the methodology will be different
Some organisations may have large scale training, while others have small.
if you want to demonstrate you stood the module, some of the ideas you can put ^ some of this you can put in your writing and went through and understood
There are two main attitudes towards training.
Reactive: Something has already happened Proactive: Prevention of something possibly bad happening
Significant improvements can be made with introduction of workshop and role-based training to support awareness presentations rather than being generic alone. E.g. better to train reception about accessing the data centre, they probably don’t. but if you train them to look after when somebody enters the building like no iD what they’d need to follow, it’ll be more effective.
Choose the right management model
Through awareness and training, businesses should know that they aren’t invincible, humans are the weakest link in Cyber Security. But when training occurs, it does reduce the likelihood of common attacks being successful. If the business doesn’t choose to add it in, then the chances of an amateur attack happening is far higher.
Management model