Industry professionals agree that the most significant security threat to an organization is its own employees. Risk control processes must be enforced to prepare your employees for the threats that target them as vulnerabilities. The SANS Institute recommends organizations educate their employees about security issues and regularly test to ensure they retain what they learn. The key question is, “How can we turn the world of Information Security, an uninteresting topic for many, into an effective and enjoyable learning process?” In response, we will look not only at the raw content but also consider three additional strategies: expanding the framework for the training material.”]
Source: https://www.csoonline.com/article/2123154/industry-view–security-training-with-style.html