LOGBOOK

HELP

Quiz Entry - updated: 2026.06.04

Which target groups must a security awareness training address, and how does content depth change across levels?

At minimum three groups — management, users, and technical staff — with content getting more situation-specific the closer it moves to concrete jobs.

The minimum segmentation:

  1. Management — risk responsibility, legal duties, costs, role-model function
  2. Benutzer/Anwender (users) — everyday secure behavior: mail, passwords, devices, social engineering
  3. Technische Mitarbeiter (technical staff) — secure configuration, privileged access, incident handling

Two rules:

  • Training must be tailored per group so each understands its particular responsibilities, obligations, and expectations — the admin's duties differ fundamentally from the receptionist's
  • Depth gradient: higher levels of training stay more general (broad concepts and goals); the further training moves toward specific workplaces and tasks, the more situation-specific it becomes, relating directly to particular positions

Tip: Same cascade as the document pyramid — general at the top, concrete at the base. An awareness program with one-size-fits-all content has skipped its own Zielgruppenanalyse.

From Quiz: ISM / The Human Factor — Security Awareness | Updated: Jun 04, 2026