Security Education, Training, and Awareness Programs

The CISSP candidate should be familiar with the tools and objectives of security awareness, training, and education programs.

Security awareness is an often-overlooked factor in an information security program. Although security is the focus of security practitioners in their day-to-day functions, it’s often taken for granted that common users possess this same level of security awareness. As a result, users can unwittingly become the weakest link in an information security program. Several key factors are critical to the success of a security awareness program:

Senior-level management support: Under ideal circumstances, senior management is seen attending and actively participating in training efforts.

Clear demonstration of how security supports the organization’s business objectives: Employees need to understand why security is important to the organization and how it benefits the organization as a whole.

Clear demonstration of how security affects all individuals and their job functions: The awareness program needs to be relevant ...

Get CISSP For Dummies, 4th Edition now with O’Reilly online learning.