Quiz Entry - updated: 2026.06.04
How are awareness contents kept current, and which triggers demand an unscheduled update?
Assign ownership to a specific person and review at defined intervals — plus event triggers: policy changes, major incidents, new threats, and major technical or organizational changes.
The two pillars of content maintenance:
- Verantwortlichkeit einer bestimmten Person zuweisen — a named owner; "the team" owns nothing
- Reviews in definierten Abständen — e.g. semi-annually or annually
Plus event-driven triggers for immediate review:
- A security policy is added, changed, or retired (training must mirror the rules)
- A major incident occurs (teachable moment + possibly revealed gaps)
- An important new threat is discovered (e.g. a new fraud pattern)
- A major technical or organizational change happens (new tools, reorganization, M&A)
Why it matters: outdated awareness content is worse than none — training people on the old VPN or yesterday's threats actively damages credibility, and credibility is the currency awareness runs on.
Tip: Mirrors NIST SP 800-12 step 6 ("keep the program current") and the document-pyramid rule that lower layers change faster: awareness content sits low, so it changes often.