Cybercrime proliferates and cyber-security seems evermore challenging. Literature offers large support that cyber-security is rather of behavioral than of pure technical matter. While prior research has focused on explaining organizational and individual (mis)behavior and agreed on the crucial role of cyber-security education programs, less is known on the question of what to teach in order to change behavior. With an exhaustive literature review, this article helps to build a foundation for developing training based interventions, grounded on strong behavioral models, taking a knowledge management view to foster behavioral change by supplying relevant knowledge entities. Embedded in a stream of design science research (DSR) activities this article reports on DSR’s first two phases, problem description and definition of solution objectives. This article ends with a set of design requirements to a cyber- security training environment in terms of content and learning approach grounded on the results of the literature review.