Chapter 9

Addressing Security Awareness and Training

Abstract

Often overlooked, security awareness and training may be the most important element for improving your security posture. FISMA directs that all users of authorized systems receive annual security and privacy training. Most users are not aware of the rampant information security risks. Awareness focuses on marketing and promoting the security program inside an agency and on making users aware of the importance of information security. Security training expands their knowledge of security risks and the forms these risks take. Some organizations make access to systems dependent on initial security training, and access is renewed annually when refresher courses are completed. The NIST publication,
