Identify content you will be training your end users on. Use the activities in this phase to:
- Document your existing security policies.
- Identify any missing security policies and fill these in.
- Identify any missing and unique security topics to be covered in the training.
- Evaluate possible threat intelligence sources to help augment your security and awareness topics.
- Prioritize your security topics.
Your content is one aspect of your program delivery, but often requires the most upfront work.