FISMA Certification and Accreditation Handbook

The ultimate value of life depends upon awareness and the power of contemplation rather than upon mere survival.
Aristotle
All Certification Packages that are Level 2 and above require a Security Awareness and Training Plan. The Security Awareness and Training Plan has to include accurate information about training that has taken place in the past, and any training that will take place in the future. Probably one of the most oft-overlooked pieces of a security program, security awareness and training is paramount to improving your agency's security posture. A Security Awareness and Training Plan is simply a documented description of the security awareness and training program.
In October 2003, the National Institute of Standards and Technology published [1] recommendations for security awareness and training programs. The document, informally known as NIST Special Publication 800-50, describes four critical elements that all security awareness and training programs should include:
Design and planning of the awareness and training program
Development of the awareness and training materials
Implementation of the awareness and training program
Measuring the effectiveness of your program and updating it
[1] Mark Wilson and Joan Hash. Building an Information Technology Security Awareness and Training Program. NIST Special Publication 800-50. National Institute of Standards and Technology, October 2003.
Many end-users simply don't understand how rampant security threats are. A security awareness and training program forces end-users to become aware of these threats. By participating in security awareness and training, end-users come...