Education that helps staff recognize and respond correctly to security risks such as phishing and social engineering.
Security awareness training equips employees to be a line of defense rather than a weak point. It covers everyday risks such as phishing, password hygiene, safe handling of data, and how to report suspected incidents.
Because many breaches begin with human error, regular and engaging awareness training is one of the most cost-effective controls, and ISO/IEC 27001 expects it as part of its competence and awareness requirements.