Chapter 8. Assessing Security Awareness and Knowledge of Policy
Solutions in this chapter:
▪ Security Awareness and Training
▪ Testing Knowledge and Security Awareness
Summary
Introduction
In this chapter we look at what is needed to ensure the success of a security program, awareness. This process, as defined in the National Institute of Standards and Technology (NIST) documentation, 1 consists of the following stages:
1 Developing IT policy that reflects business needs tempered by known risks;
2 Informing users on the key security responsibilities, as documented in the security policy and procedures; and
3 Establishing processes for monitoring and reviewing the program.
It is crucial that the senior management and executives of an organization lead ...
Get The IT Regulatory and Standards Compliance Handbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.