Quiz Entry - updated: 2026.07.14
Awareness, Training, Education — how do these three levels of the security learning continuum differ?
Awareness answers "what" and creates recognition; training answers "how" and builds skill; education answers "why" and creates understanding.
The CISSP classic (Harris & Maymí):
| Awareness | Training | Education | |
|---|---|---|---|
| Attribute | "What" | "How" | "Why" |
| Level | Information | Knowledge | Insight |
| Objective | Recognition | Skill | Understanding |
| Method | Media (video, newsletters, posters) | Practical instruction (lecture, case-study workshop, hands-on) | Theoretical instruction (discussion seminar, background reading) |
| Test | True/false, multiple choice (identify learning) | Problem solving (apply learning) | Essay (interpret learning) |
| Impact timeframe | Short-term | Intermediate | Long-term |
The progression: awareness makes people recognize that something is a security matter; training makes them able to act; education makes them understand the principles well enough to handle novel situations.
Tip: Memory hook — Awareness = What, Training = How, Education = Why. Posters can't teach skills, and hands-on labs are wasted on pure recognition goals: match the instrument to the objective.