Why should an organization have annual security awareness training that includes an overview of the organization’s policies?

Policies are the first and main building block of the organization’s security and functional posture. Organizations generally include policy awareness in the on-boarding process with every new employee. However, employees are prone to have lapses in recalling policies. Additionally, policies can undergo changes and revisions in time. Having an annual security awareness training that includes a review of the organization’s latest version of the policies is an effective way of ensuring every employee is aware of the current policies and cannot cite ignorance as a reason for violating them. This helps organizations have a better security posture, be more proactive of their security, as well reduce accidental security lapses that can lead to compliance and legal violations.