Definition: Security Training is a key component of an organization's information assurance plan. All employees, vendors, managers, corporate officers and the Board need to be educated as to the purpose of the information assurance program. Each individual who is associated with the company must be aware of his or her own individual responsibilities.
An organization might very well have different levels of information security awareness education; one for each group of employees. Each person must be aware of the overall plan, the rationale for it and those components for which they are personally responsible.
Companies must treat information assurance as a business process.
Its Relevance: A security awareness education program is absolutely essential for an organization and its employees. The matter needs to be addressed in the official policies and procedures manual. Assurance efforts are otherwise “hit” and “miss”.