Tuesday, May 26, 2009

Definitions for Awareness, Training and Education

Information Security Awareness Program
An Awareness program mixes Awareness training sessions with periodic reminders and promotional materials to bring the attention of information resource users to information security issues, and to increase their understanding of vulnerabilities and threats affecting the security of USAP information. An Awareness program is typically geared towards the non-technical user community, or technical users outside an organization’s Information Technology group. The Federal Information Security Management Act of 2002 (FISMA) and OMB Circular A-130 require all users of federal information resources to receive periodic Awareness training as part of an Awareness program.

Information Security Training
Information Security training is typically considered technical training, and it focuses on improving the security skills and competencies of personnel managing, designing, developing, acquiring, and administering information resources. Technical training is intended for information security staff, and for information technology staff in positions with security-related responsibilities, such as system administrators or network engineers. Technical training typically includes short courses, seminars, professional development workshops, conferences, and certificate programs. Technical training is provided to staff by the parent organization to ensure that staff members are able to accomplish their duties.

Information Security Education
Information Security education integrates all of the security skills and competencies of the various functional specialties into a common body of knowledge, adds a multi-disciplinary study of concepts, issues, and principles, and strives to produce information security specialists and professionals capable of vision and proactive response. Typically, education involves a long-term course of study at the university level, and is provided to staff at the discretion of the parent organization.

Saturday, May 9, 2009

Security Education Program

Security education is one of the five major areas within a security program; the other four are information security, personnel security, physical security and automation security. The importance of security education cannot be overemphasized, because it is this particular area that increases personal security awareness. From a personnel standpoint, security education directly contributes to the success of the other four areas. In the final analysis, regardless of how definitive and complete any set of security procedures might be, it will be people who execute or fail to execute those procedures.

The purpose of a security education program is to establish and maintain security awareness on the part of all personnel. Security awareness or consciousness is a state of mind, implying an understanding of security objectives, principles, and measures. It also denotes a willingness and desire on the part of the individual to assist, by fulfilling his/her security responsibilities, in achieving the objectives of a security program. This is done by helping the individual acquire an understanding of the basic principles of sound security practices and procedures as they pertain to their unit or job.