• Definition of Security Awareness Briefings as part of the awareness/training/education cycle of the enterprise
• Content areas to present
• Audience analysis & categories
• Training matrix
• Preparation of briefings How to increase awareness of INFOSEC/IA in users of complex IT systems
• Definition of Security Awareness Briefings as part of the awareness/training/education cycle of the enterprise
• Content areas to present
• Audience analysis & categories
• Training matrix
• Preparation of briefings What You'll Learn
• To be able to generate annual security awareness briefing information in the proper format with necessary information
• To be able to deliver annual security awareness briefings in a meaningful manner
• To understand the annual transition from topics
• To understand the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-16, Information Technology Security Training Requirements: A Role- and Performance-Based Model Course Outline
• Definition of Security Awareness Briefings as part of the awareness/training/education cycle of the enterprise • Content areas to present
• Audience analysis & categories
• Training matrix
• Preparation of briefings Labs Exercise #1 - Enterprise Awareness
• Create goals & objectives for security awareness briefings in your enterprise (if it exists, it will be used in the next step)
• Define what you think are the top three key issues to include in security awareness briefings in your enterprise
• Justify how each of the key issues meets goals & objectives
• Present the justification to the class (no more than 5 minute presentation per student) Exercise #2 - INFOSEC Training Plan
• Review the enterprise INFOSEC/IA training plan you brought with you from your enterprise ? If one was not available, develop an outline for an INFOSEC/IA training plan
• Make recommendations for your enterprise based on your review of an existing training plan or the outline you developed Course Code: 9963 On-Site Learning 2 Day Course Partner-delivered Course Who Needs to Attend Information System Security Officers who will generate and deliver Annual Security Awareness briefings Prerequisites Preferred: Information System Security Officer Duties - FIPS 200 Required: Current role of Information System Security Officer Information System Security Officer Duties - FIPS 200 Follow-On Courses There are no follow-ons for this course.
• Take no more than 5 minutes to present your recommendations to the class & solicit their input Exercise #3 - Prepare a Briefing
• Using the information from Exercise #1 as modified by your thinking of the material presented in the training course, prepare a rough Security Awareness Briefing for your enterprise (no more than 10 slides)
• Present to the class for feedback