Nowadays, cybercriminals are targeting organizations to launch cyberattacks by exploiting cyberthreats and vulnerabilities. Hackers keep increasing the sophistication of the cyberattacks to orchestrate the different criminal hacking phases from conducting target reconnaissance to successfully achieving the desired objectives that could result in exfiltrating more than one digital asset. Many times, the targets are critical assets that organizations utilize to run their daily operations. The aviation industry is not the exception to this, and it is a matter of time before aviation companies will be dealing with imminent cyberattacks that will impact its financial operations, business reputation, legal and compliance areas, not to mention that its stakeholders can be a victim of a cyberattack at any time. Early prevention, detection and cybersecurity awareness training are key to recognize the initial stages of most common cyberattacks. From airport personnel to aviation crews, it is crucial to professionally delivering comprehensive cyber awareness training that will enforce the main of objectives of cybersecurity to protect aeronautical assets based on the CIA triad - Confidentiality, Integrity, and Availability. This article reviews existing cybersecurity awareness training policies from the industry governance agencies and proposes a customized training program based on the CATRAM. The Cybersecurity Awareness TRAining Model (CATRAM) was developed to deliver cybersecurity training to different organizational audiences, each of these groups with specific content and separate objectives. CATRAM was originally conceived to deliver awareness training for themembers of theBoard of Directors, Top Executives, Managers, IT (Information Technology) staff and of course, end-users.
