Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
3. Awareness & Training<br />
These Awareness and Operations Training Mandatory Procedures support the Enterprise<br />
Security <strong>Policy</strong> (ITEC 7230 Rev 1), the Security Awareness Training <strong>Policy</strong> (ITEC 7400), and<br />
the Security Awareness Requirements (ITEC 7400A).<br />
Mandatory<br />
Non-Mandatory<br />
Procedures Baselines Procedures Baselines<br />
3. Awareness & Training <br />
3.1. Security Awareness Training<br />
3.1.1. Design and Develop an Awareness Training Program (2 sets) (1 set)<br />
3.1.2. Provide Awareness Training (2 sets) (1 set)<br />
3.2. Security Operations Training<br />
3.2.1. Design and Develop an Operations Training Program (2 sets) (1 set)<br />
3.2.2. Provide Operations Training (3 sets) (2 sets)<br />
3.3. Maintain Records <br />
3.1. Security Awareness Training<br />
The following are the Mandatory Procedures that support the Security Awareness<br />
Training section <strong>of</strong> the Default Security Requirements:<br />
3.1.1. Design and Develop an Awareness Training Program<br />
Create a program and supporting materials that are appropriate to the needs<br />
<strong>of</strong> the agency:<br />
3.1.1.1 Determine Needs and Build Programs<br />
During the Design Phase needs are identified, a plan is developed,<br />
buy-in is secured and priorities are established:<br />
• Conduct a Needs Assessment to determine the state <strong>of</strong><br />
awareness training and identify gaps that need to be filled.<br />
• Determine a strategy that includes the roles and<br />
responsibilities <strong>of</strong> those involved, the scope and goals, the<br />
target audience, the delivery method to be used, and the<br />
record keeping to be taken.<br />
• Establish the prioritized implementation timeline bearing in<br />
mind factors such as resource availability, organizational<br />
impact, current state <strong>of</strong> awareness training and any external<br />
dependencies.<br />
• Define the complexity <strong>of</strong> the material to be developed such<br />
that it meets the needs <strong>of</strong> the target group and is neither too<br />
complex nor too simple to achieve the required goal.<br />
• Determine financial requirements and obtain sufficient<br />
funding to deliver the training as planned. If sufficient funding<br />
is neither available nor can be made available, the Design<br />
portion <strong>of</strong> the program may have to redeveloped accordingly.<br />
5