Sunday, April 21, 2013

Security Education, Training and Awareness

Policy is only part of information security - there are two other critical aspects to a complete security program and plan: training and awareness.

Per SANS (www.sans.org):


• Policy tells the user what to do
• Training provides the skills for performing it
• Awareness changes their behavior

If users do not know what they are suppose to do it is a policy issue. If the users do not have the skills for
performing it, then it becomes a training issue.

Quite often the user does not understand why it is important and this is a behavioral issue that needs to be changed.

 It is also very important to understand that security awareness is not just a single event but a process where  the approach is reviewed continuously and improved and sustained by metrics and success measures.

Source: SANS - Securing The Human

Posted by at

1 comment:

  1. Hijabi GirlMay 16, 2021 at 9:42 AM

    You there, this is really good post here. Thanks for taking the time to post such valuable information. Quality content is what always gets the visitors coming. Security Awareness Training

    ReplyDelete

Subscribe to: Post Comments (Atom)