Security Education and Awareness

Planning, developing, delivering, and measuring programs to educate employees and stakeholders about security risks, policies, and best practices to foster a security-conscious culture.

Proficiency Level

Level 1 (Follow)

  • Completes all mandatory security awareness training modules on time.
  • Consistently follows basic security best practices learned (e.g., creating strong passwords, locking screens, identifying basic phishing attempts).
  • Knows how and where to report potential security incidents or concerns.

Level 2 (Assist)

  • Assists in organizing logistics for security awareness events (e.g., booking rooms, sending invitations).
  • Helps distribute security awareness materials (e.g., posters, newsletters) according to a communication plan.
  • Assists in tracking training completion rates or collecting basic feedback on awareness activities under guidance.

Level 3 (Apply)

  • Delivers standard security awareness training sessions using existing, approved materials.
  • Develops simple awareness content (e.g., short articles, tips of the week, basic quizzes) based on defined topics and key messages.
  • Responds to basic employee queries regarding security policies or best practices.

Level 4 (Ensure)

  • Designs, develops, and manages comprehensive security education and awareness programs tailored to different roles and risks within the organisation.
  • Creates engaging and effective training content, communication campaigns, and phishing simulations.
  • Selects appropriate delivery methods (e.g., e-learning, workshops, gamification) and measures the effectiveness of the program using relevant metrics (e.g., phishing click rates, incident reporting rates, knowledge assessments).

Level 5 (Strategise)

  • Develops the organisation's overall strategy for building and maintaining a strong security culture through education and awareness.
  • Aligns awareness program topics and intensity with the organisation's key security risks, compliance requirements, and threat landscape.
  • Champions security awareness at the leadership level and integrates security behaviour metrics into overall risk reporting.