Information System Security Training: Making it Happen, Part 2

Abstract This article is the second of a two- part series on the importance of providing both security awareness and information systems security training to all employees, regardless of their job responsibilities. The first part (ISS, January/February 2001) discussed the process of designing and developing a security awareness program. The security awareness program should be the first step in the information system security awareness and training program. In conjunction with the awareness program, the information technology (IT) professional should design a training program. When designing and developing an information technology security- training program, there is a wide range of options that are based on specific job requirements and the daily management, operation, and protection of the information system. This article describes a framework to help develop an information system security training program that will match your organization's needs.