SAO Course

The Cyberspace Security Talent Education Alliance of China

The Cyberspace Security Talent Education Alliance of China (hereinafter referred to as the Education Alliance) is jointly initiated and established by more than 80 universities and scientific research institutions, enterprises and public institutions, and government institutions engaged in cyberspace security industry in China under the support and guidance of China industry-University-Research Institute Collaboration Association and the leadership of Academician Binxing Fang (the convenor of the first-level discipline of cyberspace security in the Ministry of Education). The Education alliance aims to play the role of bridge and link, organize and mobilize relevant institutions in the field of cybersecurity, carry out talents education, training, cultivation, certification and employment, explore scientific and feasible network personnel training mode, to provide support for the development of national cyberspace security.

The necessity of security awareness professionals training

According to Gartner’s latest projections, released in July, 60 percent of large organizations will have comprehensive security awareness training programs by 2022, with at least one full-time person responsible for security awareness. However, Chinese government and enterprise organizations generally have not set up full-time positions of security awareness, and IT/ security departments usually temporarily transfer relevant personnel to carry out security awareness work in stages to meet the requirements of compliance or supervision. Moreover, the security awareness personnel often lack of the scientific, systematic methodological guidance, and the investment of time and energy is limited, the promotion of security awareness work also meets with resistance and low enthusiasm and participation of employees. Security awareness cannot be effectively communicated and instilled into the daily work of every employee, thus affecting the behavior of employees.
In the practice of enterprise internal security management, many enterprises focus on “technical defense”, and put most of the security budget and resources into the procurement and deployment of software/hardware security solutions, and selectively ignore or do not have the relevant budget to invest in “civil defense”. In fact, “civil defense” and “technical defense” are in the same important position, the problem solved by security technology is always limited. It is widely believed that 90% of corporate data breaches and cyber attacks are caused by human factors. The easiest and most effective way for hackers to launch cyber attacks is to attack the weakest link in the enterprise – people. Therefore, the best first security defense means is to enhance the security awareness of all staff, form a comprehensive security awareness solution, and achieve the purpose of all staff actively defending network risks.

Security Awareness Officer Training Introduction

Security Awareness Officer training, a pilot launched by the Cyberspace Security Talent Education Alliance, is the first training courses for Security Awareness professionals in China to help enterprises professional who is responsible for the construction of Security Awareness and Security Culture improve their professional knowledge, experience and skills, including:

  • Assess the human factor risk of the organization, the maturity of corporate cybersecurity culture, and the maturity of security awareness plan;
  • Create a continuous communication plan to get the attention and support from the management and all employees;
  • Create appropriate integrated marketing plans and content plans to attract the enthusiasm of employees from different departments/positions to participate in awareness plans;
  • Combine security awareness plan with organizational culture, security strategy, assessment and incentive mechanism to strengthen the implementation of security awareness plan;
  • Select the best combination of security awareness program indicators to measure its effectiveness and influence;
  • Evaluate and select appropriate third-party suppliers to achieve platform/content/service delivery;
  • Use education, behavioral science, etc. to promote employee behavior change.

Training benefits

For enterprise

  • By enhancing the security awareness of all employees to reduce the risk of user data and privacy disclosure, and help build the trust of users to the enterprise;
  • Establish the baseline of employee security behavior to reduce the security risk of human factors, and promote the construction of corporate security culture;
  • Empower employees and enhance the ability of employees to identify and respond to network security risks, to create enterprise “human firewall”, “human sensor”.

For an individual

  • Enhance employees’ security awareness knowledge and skills and become the “first line of defense” to protect enterprise network security! ;
  • To help employees master the security awareness education methodology and practical skills generally recognized by the industry;
  • To help employees develop safe behaviors at work and in life, so as to protect the security of personal information and assets.

Training objects

  • Chief Information Security Officer, Director of Information Security, Information Security Manager
  • Security awareness Officer, Security Awareness Manager
  • Compliance and Privacy Officer
  • HR Manager, Training Manager
  • Corporate Culture Development/Culture Communication Manager
  • Manufacturers of Security Awareness Education Services


This course covers six knowledge domains: requirements and challenges of security awareness, terms and concepts related to security awareness, security awareness and behavioral science, planning of security awareness plan, implementation of security awareness plan, and management of security awareness plan.

Course outline (half-day course)

Part 1: Basic Knowledge of Security Awareness

  • Introduction of security awareness training market at home and abroad, relevant laws and regulations
  • The present situation and pain point of security awareness education plan and training in enterprises
  • International standards/guidelines for security awareness – general terms and concepts for security awareness
  • Common awareness topics included in the security awareness program – responsibility and competency requirements of security awareness professionals
  • Enterprise network security culture maturity model – enterprise security awareness program maturity model
  • Security awareness program life cycle and project management – research in consciousness, psychology and behavioral sciences

Part 2: Create a Security Awareness Program

  • Assess whether the current security awareness program meets relevant compliance and audit requirements
  • Understand the organizational background and business objectives of the enterprise, and evaluate the enterprise’s current network security culture, security awareness level, risk of human factor, security incident cause analysis, gap analysis, input-output analysis, etc.
  • Build security awareness steering committee/project team with support from management and key stakeholders
  • Collect and analyze the post characteristics and awareness requirements of each business department
  • Planning awareness planning goals, budgets, key milestones, etc.
  • Plan annual program, implementation scope/training target, training content, delivery method, communication method
  • Choose the appropriate measure index of security awareness plan and choose the reasonable performance index
  • Develop security awareness policy/baseline, incentive plan, and incorporate security awareness into assessment plan
  • Set up a proper reporting and communication mechanism to manage stakeholder expectations
  • Security awareness techniques and tools (human risk matrix, questionnaire, metrics matrix, implementation schedule/checklist)

Part 3: Implement and Manage the Security Awareness Plan

  • Evaluate existing security awareness training platforms, content materials, etc.
  • Determine the advantages, budget and cycle time of platform and content self-development or external procurement
  • Selection and evaluation of third-party security awareness suppliers
  • Make security awareness plan implementation and communication plan
  • Initiate and execute the security awareness program as scheduled
  • Record and collect relevant implementation data
  • Monitor, measure and communicate the effectiveness of security awareness programs
  • Reward and share outstanding team and individual success stories
  • Annual review of overall program, content and measurement indicators
  • Internal and external conditions reassessment (business objectives, IT infrastructure, security standards/laws/regulations, etc.)
  • Continuous improvement of security awareness program
  • Security awareness techniques and tools (phishing simulation, security ambassador program, event operation, gamification, etc.)

Advanced Training SAO

Half-day Course
October 21st
Keynote & Tracks Limited Registration (Limit of 100 Guests)
USD 0 / Per Person
Advanced Training Paid Registration
USD 205 / Per Person


  1. Early Bird Price will be closed at (UTC+8) 23:59 16th October 2019.
  2. The online registration will be closed at (UTC+8) 16:00 October 18th, please register before the deadline or you’ll have to register on-site.
  3. If less than 10 people sign up for the training, the program will be stopped and a full refund will be given.
  4. More than 3 people (including) in the same company registered can enjoy a group discount of 10%.
  5. Group Discount Inquiry: