An organisation should ensure that cyber security awareness training is provided to all personnel in order to assist them in understanding their security responsibilities and the cyber threats they may be exposed to in the course of their duties. Furthermore, the content of cyber security awareness training should be tailored to the needs of specific groups of personnel, such as general users and different classes of high-risk users. Finally, personnel with privileges beyond that of a normal user, such as software developers and system administrators, will require tailored privileged user training.
3 controls