Role—based awareness training is mandatory training that an employee carries out on an annual basis; an example of this would be security awareness training that is used by companies to reduce their security risks. During the training, employees will learn about social engineering attacks where the employee is targeted, for example a phishing email. There will be more information about attacks in Chapter 8, Protecting Against Attacks and Vulnerabilities, of this book.
Policy violation is where SOP and policies have been ignored. Transferring data from outside the company should be done via VPN.