CISSP - Security and Risk Management - Section 1.12

Establish and maintain a security awareness, education, and training program including periodic reviews and effectiveness evaluation.

Design a security awareness and training programme that addresses social engineering threats, incorporates phishing simulations, and provides role-appropriate education at regular intervals. Evaluate programme effectiveness using measurable metrics so that content and delivery methods can be improved over time.

security awareness, phishing simulation, social engineering, program effectiveness

Examworthy is not affiliated with or endorsed by (ISC)2. Original, blueprint-aligned practice material only.