Chapter 9

Addressing Security Awareness and Training


Often overlooked, security awareness and training may be the most important element for improving your security posture. FISMA directs that all users for authorized systems receive annual security and privacy training. Most users are not aware of the rampant information security risks. Awareness focuses on marketing and promoting the security program inside an agency. Make users aware of the importance of information security. Security training expands their knowledge of security risks and the forms these risks take. Some organizations make access to systems dependent on initial security training. Annually access is renewed when refresh courses are completed. The NIST publication,

Get FISMA Compliance Handbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.