Awareness vs. Training
Awareness
The purpose of security and compliance awareness is largely to focus attention on security and compliance issues. Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly.
An example of a topic for an awareness session is virus protection. The subject can be addressed by describing what a virus is, what can happen if a virus infects a user's system, what the user should do to protect their system, and what the user should do if a virus is discovered.
Training
Training strives to produce relevant and needed security skills and competencies. The most significant difference between training and awareness is that training seeks to teach skills, which allow a person to perform a specific function, while awareness seeks to focus an individual's attention on an issue or set of issues. The skills acquired during training are built upon the awareness foundation, in particular, upon the security basics and literacy material.
Education
Education integrates all of the security skills and competencies of the various functional specialties into a common body of knowledge. It strives to produce IT security specialists and professionals capable of vision and proactive response. An example of education is a degree program at a college or university. Some people take a course or several courses to develop or enhance their skills in a particular discipline. This is training as opposed to education.
Professional Development
Professional development is intended to ensure that users, from beginners to security professionals, possess a required level of knowledge and competence necessary for their roles. Professional development validates skills through certification. Such development and successful certification can be termed "professionalization." The preparatory work to test for such a certification normally includes study of a prescribed body of knowledge or technical curriculum, and may be supplemented by on-the-job experience.





