Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
3.1.1.2 Create Training Materials<br />
Once the overall design and plan for the program has been completed<br />
and accepted the scope <strong>of</strong> awareness training topics must be<br />
established and appropriate and materials prepared:<br />
• Define a list <strong>of</strong> topics to be covered in the awareness training<br />
program such that sufficient information is shared to raise<br />
Awareness while not overwhelming the audience.<br />
• Prepare materials (e.g. presentations, hands-on sessions) that<br />
will be used during the instructional portion <strong>of</strong> the program as<br />
well as supportive materials (e.g. posters, SOPs) that will be<br />
used supportively once instruction is competed:<br />
o Messaging in the Awareness program should be short<br />
and simple since the audience is likely to be nontechnical<br />
and simply needs to become more aware <strong>of</strong><br />
security requirements.<br />
3.1.2. Provide Awareness Training<br />
Awareness Training is defined as the first level <strong>of</strong> the security learning<br />
continuum and its purpose is to focus attention on security and allow<br />
individuals to recognize security concerns in order to respond accordingly.<br />
Awareness must be provided to all users <strong>of</strong> a system:<br />
3.1.2.1 Provide Instructive Training<br />
Instructive training forms the core or initial thrust <strong>of</strong> the training<br />
program and is delivered in a comprehensive fashion on a periodic<br />
basis:<br />
• Provide sufficient scheduling flexibility to allow all identified<br />
personnel the opportunity to participate in operations training<br />
on a reasonable schedule but with minimal impact to regular<br />
tasks.<br />
• Deliver training via a variety <strong>of</strong> methods:<br />
o Repetition enhances understanding and adoption.<br />
o Not everyone learns best by the same technique.<br />
3.1.2.2 Provide Training Support<br />
Training support provides enhancements to the training program by<br />
delivering messaging around the concepts covered in the training<br />
program and is delivered on an on-going basis:<br />
• Training support messaging should be concise and to the<br />
point, emphasizing the core messages <strong>of</strong> the instructive<br />
training.<br />
• Training support messaging should be delivered by a variety <strong>of</strong><br />
mechanisms and media to enhance visibility and up-take.<br />
3.2. Security Operations Training<br />
6