Role-based security awareness provides organizations a reference for training personnel at the appropriate
levels based on their job functions. The training can be expanded upon—and subject areas combined or
removed—according to the levels of responsibility and roles defined in the organization. The goal is to build a
reference catalogue of various types and depths of training to help organizations deliver the right training to
the right people at the right time. Doing so will improve an organization’s security as well as help maintain PCI
DSS compliance. Whether the focus is a singular, holistic, or a tiered approach, the content can be scoped to
meet an organization’s requirements.
All types of roles may not apply to all organizations, and some roles may need to be divided into subsections
to align with responsibilities. This can be modified according to the requirements of the organization.