The information security domain consists of many concepts and definitions. Also, information security initiatives in an organization will have many policies, procedures, and technology components. In order to have an effective security within the organization, it is important for the people, or personnel, to be aware of the security requirements, the organization-specific security policies and procedures, and most importantly, the specific roles and responsibilities of the personnel pertaining to security.
Security awareness and training is one of the core components of the risk management program in any organization. The objective is to ensure that the personnel are aware of the security requirements and are trained to handle day-to-day security events.