Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).

Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).
A . Channels by which the organization communicates with customers
B . The reporting mechanisms for ethics violations
C . Threat vectors based on the industry in which the organization operates
D . Secure software development training for all personnel
E . Cadence and duration of training events
F . Retraining requirements for individuals who fail phishing simulations

View Answer

Answer: CE

Explanation:

A training curriculum plan for a security awareness program should address the following factors:

The threat vectors based on the industry in which the organization operates. This will help the employees to understand the specific risks and challenges that their organization faces, and how to protect themselves and the organization from cyberattacks. For example, a healthcare organization may face different threat vectors than a financial organization, such as ransomware, data breaches, or medical device hacking1.

The cadence and duration of training events. This will help the employees to retain the information and skills they learn, and to keep up with the changing security landscape. The training events should be frequent enough to reinforce the key concepts and behaviors, but not too long or too short to lose the attention or interest of the employees. For example, a security awareness program may include monthly newsletters, quarterly webinars, annual workshops, or periodic quizzes2.

Reference: CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 2, page 34; CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 2, page 55.