nexus/wiki/concepts/Security Awareness Training.md

title, type, tags, last_updated

title	type	tags	last_updated
Security Awareness Training	concept	Security Human-Factor Training	2026-04-14

Security Awareness Training

Definition

通过系统化的培训和演练提升组织内所有成员（从员工到高管）对安全威胁的认知和应对能力。

Components

• 月度安全通讯：定期向全员推送安全信息和最佳实践
• 网络钓鱼演练：模拟钓鱼攻击测试员工识别能力
• 关键指标：衡量有多少人报告可疑活动（而非仅关注点击率）

Goals

• 将安全意识融入组织文化
• 建立"全员参与"的安全防线
• 持续改进安全态势

Key Quote

"The focus is on how many people report suspicious activity." — GIS Security Awareness Program

Relationship to Global Information Security Policy (GISP)

• GISP 是政策框架，Security Awareness Training 是执行层的安全意识落地
• 两者共同构成"政策+人"的安全治理闭环

Connections

• Global Information Security Policy (GISP)：政策基础
• Global Information Security Team (GIS)：执行团队
• OpenText：实施组织