ABSTRACT

Security awareness programmes aim to inform and train employees so that they are able to perform their tasks in a secure way. In many organizations, these awareness programmes are created by the security staff, sometimes in collaboration with communication specialists. These awareness programmes often include training programmes and, therefore, cybersecurity professionals will benefit from some knowledge of learning theory. The taxonomy classifies three areas of learning: the cognitive domain (knowledge), the affective domain (emotion), and the psychomotor domain (actions). The popularity of simulated phishing campaigns as part of corporate cybersecurity awareness training is still rising. Actions such as opening the email or clicking on the link are analysed to evaluate how susceptible people are to email phishing campaigns and to guide further awareness training.