Best Practices for Security Awareness Training:
Regular training ensures employees stay updated on emerging threats and reinforces secure
behaviors.
International Standards and Practices:
Most guidelines recommend annual training for all employees, regardless of the risk environment.
High-risk environments may benefit from supplementary training, but the baseline remains 12
months.
Why Other Options Are Incorrect:
A . High-risk every 6 months: Not a standardized recommendation.
C . Every 18 months: Leaves gaps in awareness.
D . Every 6 months: Overly frequent and impractical for many organizations.
Reference:
EC-Council and other industry standards align with providing security awareness training every 12
months to maintain effectiveness and practicality.
