Phishing attacks remain a major cybersecurity threat, particularly in environments where human factors play a critical role in system vulnerability. While organizations widely implement information security training and awareness programs, evidence on their effectiveness in promoting protective behavior remains inconsistent. This study examines the relationships among information security training, security awareness, phishing threat mitigation behavior, and reporting behavior within humanitaria