1 00:00:00,005 --> 00:00:02,002 - [Instructor] Security awareness programs 2 00:00:02,002 --> 00:00:04,008 must continuously evolve as both business 3 00:00:04,008 --> 00:00:09,002 and security requirements change and new threats emerge. 4 00:00:09,002 --> 00:00:12,002 Security professionals should use their awareness metrics 5 00:00:12,002 --> 00:00:14,008 and industry research to guide the updating 6 00:00:14,008 --> 00:00:17,001 of security awareness efforts. 7 00:00:17,001 --> 00:00:19,001 Any awareness program should include 8 00:00:19,001 --> 00:00:21,006 three important components. 9 00:00:21,006 --> 00:00:25,005 First, security training includes in-person 10 00:00:25,005 --> 00:00:28,000 and online classes and seminars 11 00:00:28,000 --> 00:00:30,009 designed to share important security information 12 00:00:30,009 --> 00:00:34,000 with employees and other stakeholders. 13 00:00:34,000 --> 00:00:37,005 Second, security education provides advanced 14 00:00:37,005 --> 00:00:39,009 formal knowledge of information security 15 00:00:39,009 --> 00:00:42,003 to security practitioners. 16 00:00:42,003 --> 00:00:45,002 Education includes formal degree programs 17 00:00:45,002 --> 00:00:47,002 and other highly structured courses 18 00:00:47,002 --> 00:00:49,004 and certificate programs. 19 00:00:49,004 --> 00:00:51,008 And third, security awareness efforts 20 00:00:51,008 --> 00:00:53,006 are designed to remind employees 21 00:00:53,006 --> 00:00:56,004 of their responsibilities on a routine basis, 22 00:00:56,004 --> 00:00:59,002 keeping security top of mind. 23 00:00:59,002 --> 00:01:01,007 Each of these three components should be updated 24 00:01:01,007 --> 00:01:05,003 during any security awareness program review. 25 00:01:05,003 --> 00:01:07,009 The awareness program review should also verify 26 00:01:07,009 --> 00:01:11,001 the types of awareness, training, and education 27 00:01:11,001 --> 00:01:14,003 provided to each employee and ensure that the level 28 00:01:14,003 --> 00:01:16,004 of knowledge provided to each employee 29 00:01:16,004 --> 00:01:19,007 is appropriate for his or her role in the organization.