Security awareness training is mandated by the Computer Security Act of 1987, the Office of Management and Budget (OMB), and FISMA. Security training and awareness details are identified in the following sources:
- 5 CFR 930, Employees Responsible for the Management or Use of Federal Computer Systems
- The National Institute of Standards and Technology (NIST) Special Publication 800-16, Information Technology Security Training Requirements: A Role- and Performance-Based Model, dated April 1998
- Executive Order 13103, Computer Software Piracy, dated September 30, 1998, which requires training on the prevention of software piracy
- NIST Special Publication 800-18, Guide for Developing Security Plans for Information Technology Systems, dated December 1998, which reiterates the requirement “to provide mandatory periodic training”
Evaluate these documents to determine what information would be used in creating a security awareness training manual.
In addition, describe the following:
- Rules of behavior that must be included in a security awareness manual consisting of typical policy standards and procedures to be followed
- Controls on information access
- User responsibilities for proper use of computer resources
Please respond to at least 2 other students in the discussion area, and build on some of the information that they identify in their responses. Did other students provide insight into certain areas of the mandates that you did not find, and how would this information impact your training manual?
Please use APA for any references used in your research of these topics.
In your own words, please post a response to the Discussion Board and comment on other postings. You will be graded on the quality of your postings.
Due By (Pacific Time): 05/19/2015 07:00 pm