Awareness and Training

  • Need
    • Awareness and training is a critical part of any information security program
    • People are the weakest link in any security defense
  • Components – there is a security learning continuum:
    • Awareness
    • Basic training
    • Functional training
    • Specialized education
  • Designing a program
    • Identify needs
    • Behavior (awareness)
    • Skills (training and education)
    • Plan
    • Get buy-in
    • Priorities
  • Material – audience focus is critical
  • Implementation
    • Explanation
    • Resources
    • Material
    • Medium
    • Cost
    • Schedule
  • Follow through
    • Monitoring
    • Feedback and evaluation
    • Change
    • Success indicators

KEY NIST DOCS:
800-50
