Implementing a Security Awareness Training Curriculum

Advances in technology and digitalization have increased the rate of cybercrime, and organizations can no longer afford to ignore the importance of security awareness training. While the human factor is often deemed the weakest link in an organization’s cybersecurity strategy, this issue can be overcome by implementing security awareness programs. This approach requires that organizations commit to enforcing advanced security protocols. This paper discusses the need for ongoing security training and awareness programs in organizations and offers guidance on how to implement them. Social engineering attacks, especially phishing, target the human links in an organization’s information security program by applying psychological and social manipulation techniques to obtain and exploit sensitive information. Thus, organizations building curricula for security awareness training programs must focus on these types of attacks, in addition to working on other facets of security awareness. This paper focuses on the importance of social engineering awareness, the various types of social engineering attacks that should be included in security awareness training programs, and how to build simulation-based training approaches centered on social engineering.