Building comprehensive cyber security strategies to protect people, infrastructure and assets demands research on methods and practices to reduce risks. Once the methods and practices are identified, there is a need to develop training for the manystakeholders involved, from security experts to the end user. In thispaper, we discuss new approaches for training, which includes the development of serious games for training on cyber security. The identification of the theoretical framework to be used for situation and threat assessment receives special consideration.