security awareness training

Security awareness training is a formal process for educating employees about computer security.

A good security awareness program should educate employees about corporate policies and procedures for working with information technology (IT).  Employees should receive information about who to contact if they discover a security threat and be taught that data as a valuable corporate asset. Regular training is particularly necessary in organizations with high turnover rates and those that rely heavily on contract or temporary staff.  Confirming how well the awareness program is working can be difficult. The most common metric looks for a downward trend in the number of incidents over time.

The National Institute of Standards and Technology (NIST) has an excellent publication with templates and guides for what should go into a security awareness training program. The 70-page document is available for free in PDF format from the institute's Web site.

This was last updated in November 2011

Continue Reading About security awareness training

Dig Deeper on Risk management