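---
title: "Security Awareness Training"
type: concept
tags:
  - Security
  - Human-Factor
  - Training
last_updated: 2026-04-14
---

# Security Awareness Training

## Definition

Raising the awareness of security threats, and the ability to respond to them, among all members of the organization (from employees to executives) through systematic training and exercises.

## Components

- **Monthly security newsletter**: regularly sends security information and best practices to all staff
- **Phishing exercises**: simulated phishing attacks that test employees' ability to recognize them
- **Key metric**: measures how many people report suspicious activity (rather than looking only at the click rate)

## Goals

- Embed security awareness in the organizational culture
- Build a line of defense in which everyone participates
- Continuously improve the security posture

## Key Quote

> "The focus is on how many people report suspicious activity." — GIS Security Awareness Program

## Relationship to [[Global Information Security Policy (GISP)]]

- GISP is the policy framework; Security Awareness Training puts security awareness into practice at the execution layer
- Together they form a "policy + people" closed loop of security governance

## Connections

- [[Global Information Security Policy (GISP)]]: policy foundation
- [[Global Information Security Team (GIS)]]: executing team
- [[OpenText]]: implementing organization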