LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Awareness, Training, Education — how do these three levels of the security learning continuum differ?

Awareness answers "what" and creates recognition; training answers "how" and builds skill; education answers "why" and creates understanding.

The CISSP classic (Harris & Maymí):

Awareness Training Education
Attribute "What" "How" "Why"
Level Information Knowledge Insight
Objective Recognition Skill Understanding
Method Media (video, newsletters, posters) Practical instruction (lecture, case-study workshop, hands-on) Theoretical instruction (discussion seminar, background reading)
Test True/false, multiple choice (identify learning) Problem solving (apply learning) Essay (interpret learning)
Impact timeframe Short-term Intermediate Long-term

The progression: awareness makes people recognize that something is a security matter; training makes them able to act; education makes them understand the principles well enough to handle novel situations.

Tip: Memory hook — Awareness = What, Training = How, Education = Why. Posters can't teach skills, and hands-on labs are wasted on pure recognition goals: match the instrument to the objective.

From Quiz: ISM / The Human Factor — Security Awareness | Updated: Jul 14, 2026