CYBER SECURITY EDUCATION, TRAINING, AND AWARENESS

RICHARD KISSEL AND MARK WILSON

National Institute of Standards and Technology, Gaithersburg, Maryland

1 INTRODUCTION

The cyber security education, training, and awareness (ETA) program is a critical component of the cyber security program. It is the vehicle for disseminating security information that the workforce, including managers, need to do their jobs. In terms of the total security solution the importance of the workforce in achieving cyber security goals and the importance of learning as a countermeasure, cannot be overstated. Establishing and maintaining a robust and relevant ETA program as part of the overall cyber security program is the primary conduit for providing the workforce with the information and tools needed to protect an organization's vital information resources. These programs will ensure that personnel at all levels of the organization understand their cyber security responsibilities to properly use and protect the information and resources entrusted to them. Organizations that continually train their workforce in organizational cyber security policy and role-based cyber security responsibilities will have a higher rate of success in protecting information. As cited in audit reports, periodicals, and conference presentations, people are arguably the weakest element in the cyber security formula that is used to secure systems and networks. The people factor, not technology, is a critical factor that is often ...