"Why Just One Year Just Isn't Enough"

Sometimes I’m asked the question why should an organization continue to pursue their awareness training year after year. After all, once people are trained isn’t that good enough? Unfortunately no, in so many ways. Think about it, if you kept your computers locked down and secure for just one year, could you stop securing them after that? Absolutely not, their security would quickly degrade. The HumanOS is no different, and here is why.1. UPDATED TRAINING:Your training should be aggressively updated at least once a year (we update our training twice a year at SANS). You would be amazed at how fast technology, attackers and the latest risks change. Over 60% of our training content changes every year, to include new examples, key …

Reposted from SANS. View original.