37 lines
1.1 KiB
Markdown
37 lines
1.1 KiB
Markdown
---
|
||
title: "Security Awareness Training"
|
||
type: concept
|
||
tags:
|
||
- Security
|
||
- Human-Factor
|
||
- Training
|
||
last_updated: 2026-04-14
|
||
---
|
||
|
||
# Security Awareness Training
|
||
|
||
## Definition
|
||
通过系统化的培训和演练提升组织内所有成员(从员工到高管)对安全威胁的认知和应对能力。
|
||
|
||
## Components
|
||
- **月度安全通讯**:定期向全员推送安全信息和最佳实践
|
||
- **网络钓鱼演练**:模拟钓鱼攻击测试员工识别能力
|
||
- **关键指标**:衡量有多少人报告可疑活动(而非仅关注点击率)
|
||
|
||
## Goals
|
||
- 将安全意识融入组织文化
|
||
- 建立"全员参与"的安全防线
|
||
- 持续改进安全态势
|
||
|
||
## Key Quote
|
||
> "The focus is on how many people report suspicious activity." — GIS Security Awareness Program
|
||
|
||
## Relationship to [[Global Information Security Policy (GISP)]]
|
||
- GISP 是政策框架,Security Awareness Training 是执行层的安全意识落地
|
||
- 两者共同构成"政策+人"的安全治理闭环
|
||
|
||
## Connections
|
||
- [[Global Information Security Policy (GISP)]]:政策基础
|
||
- [[Global Information Security Team (GIS)]]:执行团队
|
||
- [[OpenText]]:实施组织
|