Quiz Entry - updated: 2026.06.04
Which target groups must a security awareness training address, and how does content depth change across levels?
At minimum three groups — management, users, and technical staff — with content getting more situation-specific the closer it moves to concrete jobs.
The minimum segmentation:
- Management — risk responsibility, legal duties, costs, role-model function
- Benutzer/Anwender (users) — everyday secure behavior: mail, passwords, devices, social engineering
- Technische Mitarbeiter (technical staff) — secure configuration, privileged access, incident handling
Two rules:
- Training must be tailored per group so each understands its particular responsibilities, obligations, and expectations — the admin's duties differ fundamentally from the receptionist's
- Depth gradient: higher levels of training stay more general (broad concepts and goals); the further training moves toward specific workplaces and tasks, the more situation-specific it becomes, relating directly to particular positions
Tip: Same cascade as the document pyramid — general at the top, concrete at the base. An awareness program with one-size-fits-all content has skipped its own Zielgruppenanalyse.