What do we really know about security awareness training? How many of us are required to
do some sort of training annually for our jobs? How much do we really pay attention
to that annual training? Depending on our role within the organization, there
could be many different forms of information security awareness training.
The training an executive within the company does is most likely different from the
training a new hire would do. That training would most likely be different from the
training an IT manager would do. How do we know what training should be taken
by each employee within an organization? There are several organizations and
websites that can help.
There are companies that specialize in creating information security awareness training
for other organizations. Some of these companies will develop entire programs
for an organization. Others will tailor the training for a specific
organization and hold a webinar, or conduct in-house training for that
organization. Others already have training modules developed, from which
an organization can pick and choose the ones it needs for its employees'
security awareness training.
Another option is developing the training in-house. There are several websites that offer
checklists and suggestions for developing a training program. One of these is
the National Institute of Standards and Technology. Their 800 series Special
Publications can be a great help to an organization for many different things.
NIST SP 800-50, Building an Information Technology Security Awareness and
Training Program, basically walks you through creating a training program for
your organization.
Regardless of which method, company, or training program you use, make sure you have one that is
effective. Make sure your employees are up to speed on it. With the heavy
reliance on technology in every business these days, you want to make sure your
information is secure.