NIST Special Publication 800-50 (Build an IT Awareness and Training Program)

Overview

Below is an outline of NIST Special Publication 800-50 (Build an IT Awareness and Training Program). Members can log into the Library with the email address they signed up with and view the document in their browser.

  • Folder: Books and Guides > Security Docs

Outline


Executive Summary
Introduction
Purpose
Audience
Scope
Policy
Roles and Responsibilities
Agency Head
Chief Information Officer
Information Technology Security Program Manager
Managers
Users

Components: Awareness, Training, Education
The Continuum
Awareness
Training
Education
Professional Development

Designing an Awareness and Training Program
Structuring an Agency Awareness and Training Program
Conducting a Needs Assessment
Developing an Awareness and Training Strategy and Plan
Establishing Priorities
Setting the Bar
Funding the Security Awareness and Training Program

Developing Awareness and Training Material
Developing Awareness Material
Selecting Awareness Topics
Sources of Awareness Material
Developing Training Material
A Model for Building Training Courses: NIST Special Pub. 800-16
Sources of Training Courses and Material

Implementing the Awareness and Training Program
Communicating the Plan
Techniques for Delivering Awareness Material
Techniques for Delivering Training Material

Post-Implementation
Monitoring Compliance
Evaluation and Feedback
Managing Change
Ongoing Improvement ("Raising the Bar")
Program Success Indicators

APPENDIX A - SAMPLE NEEDS ASSESSMENT INTERVIEW AND QUESTIONNAIRE
APPENDIX B - SAMPLE AWARENESS AND TRAINING METRIC
APPENDIX C - SAMPLE AWARENESS AND TRAINING PROGRAM PLAN TEMPLATE
APPENDIX D - SAMPLE AWARENESS POSTERS

LIST OF FIGURES
Figure 2-1 The IT Security Learning Continuum
Figure 3-1 Model 1 - Centralized Program Management
Figure 3-2 Model 2 - Partially Decentralized Program Management
Figure 3-3 Model 3 - Fully Decentralized Program Management
Figure 3-4 Techniques for Gathering Information as Part of a Needs Assessment
Figure 3-5 Understanding Overarching Agency Specific Issues
Figure 3-6 Key Questions to be Answered in Performing a Needs Assessment
Figure 3-7 Required Awareness and Training Versus Current Effort
Figure 4-1 Sample IT Security Training Matrix
Figure 4-2 Key Questions - Develop Training Material Inhouse or Outsource
Figure 5-1 Key Steps Leading to Program Implementation
Figure 6-1 Key Steps Leading to Post-Implementation
Figure 6-2 Evaluation and Feedback Techniques

 

-----

This article was contributed by Jason Jacobs from Guyana. Jason is a member of the Caribbean CSPA. 
