Chapter 8. Assessing Security Awareness and Knowledge of Policy

Solutions in this chapter:

▪ Security Awareness and Training

▪ Testing Knowledge and Security Awareness

Summary

Introduction

In this chapter we look at what is needed to ensure the success of a security program, awareness. This process, as defined in the National Institute of Standards and Technology (NIST) documentation, ¹ consists of the following stages:

1 Developing IT policy that reflects business needs tempered by known risks;

2 Informing users on the key security responsibilities, as documented in the security policy and procedures; and

3 Establishing processes for monitoring and reviewing the program.

It is crucial that the senior management and executives of an organization lead ...

Get The IT Regulatory and Standards Compliance Handbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

The IT Regulatory and Standards Compliance Handbook by Craig S. Wright

Solutions in this chapter:

Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly