This should be an overview of existing security policies & processes. Management shall ensure all employee know where to find the information and who to contact for security related matters, particurarly in case of incident. New employee should also be made aware of security policies and processes as part of the onboarding process.
This is particurarly relevant for threats related to social engineering, such as phishing, vishing and smishing. The gamification is particurarly useful for rewarding good conduct, while assigning specific training for employee who fail to identify malicious contact requests.
This type of training is relevant for employee who are involved in building and maintaining you infrastructure and products. This include (but not limited to) the following topics:
For more details about specialized and role-based security training topics, please check the following resources [17,18]