9.3. Understanding Security Awareness and Education
Security awareness and education are critical to the success of a security effort. They include explaining policies, procedures, and current threats to both users and management.
A security-awareness and education program can do much to assist in your efforts to improve and maintain security. Such efforts need to be ongoing, and they should be part of the organization's normal communications to be effective. The following sections discuss some of the things you can do as a security professional to address the business issues associated with training the people in your organization to operate in a manner that is consistent with organizational security goals.