Below is an outline of NIST Special Publication 800-50 (Build an IT Awareness and Training Program). If you’re a member, then you can log into the Library and view it in your browser using the email address you signed up with. PS. Only members can successfully log in.
- Click HERE to log into the library (Members only).
- Folder: Books and Guides > Security Docs
If you are having issues logging in, please check the following help guide, HERE.
Roles and Responsibilities
Chief Information Officer
Information Technology Security Program Manager
Components: Awareness, Training, Education
Designing an Awareness and Training Program
Structuring an Agency Awareness and Training Program
Conducting a Needs Assessment
Developing an Awareness and Training Strategy and Plan
Setting the Bar
Funding the Security Awareness and Training Program
Developing Awareness and Training Material
Developing Awareness Material
Selecting Awareness Topics
Sources of Awareness Material
Developing Training Material
A Model for Building Training Courses NIST Special Pub, 800-16
Sources of Training Courses and Material
Implementing the Awareness and Training Program
Communicating the Plan
Techniques for Delivering Awareness Material
Techniques for Delivering Training Material
Evaluation and Feedback
Ongoing Improvement ("Raising the Bar")
Program Success Indicators
APPENDIX A - SAMPLE NEEDS ASSESSMENT INTERVIEW AND QUESTIONNAIRE
APPENDIX B SAMPLE AWARENESS AND TRAINING METRIC
APPENDIX C SAMPLE AWARENESS AND TRAINING PROGRAM PLAN TEMPLATE
APPENDIX D SAMPLE AWARENESS POSTERS
LIST OF FIGURES
Figure 2-1 The IT Security Learning Continuum
Figure 3-1 Model 1 - Centralized Program Management
Figure 3-2 Model 2 - Partially Decentralized Program Management
Figure 3-3 Model 3 - Fully Decentralized Program Management
Figure 3-4 Techniques for Gathering Information as Part of a Needs Assessment
Figure 3-5 Understanding Overarching Agency Specific Issues
Figure 3-6 Key Questions to be Answered in Performing a Needs Assessment
Figure 3-7 Required Awareness and Training Versus Current Effort
Figure 4-1 Sample IT Security Training Matrix
Figure 4-2 Key Questions - Develop Training Material Inhouse or Outsource
Figure 5-1 Key Steps Leading to Program Implementation
Figure 6-1 Key Steps Leading to Post-Implementation
Figure 6-2 Evaluation and Feedback Techniques
- To access (Members only), please click HERE to log into the library.
- Apply for membership at caribbeancspa.org/apply. If you're not already a member.
- You view our list of Members at caribbeancspa.org/members.
This article was contributed by Jason Jacobs from Guyana. Jason is a member of the Caribbean CSPA.