Training security personnel remains a challenge

July 13, 2010

Agencies are required to provide training for personnel with significant responsibilities for information security, but selecting the appropriate level of training while husbanding limited educational resources can be a challenging task.

“Key to this effective use of limited resources is ensuring that training is provided first to those who need it most,” stated a recent bulletin from the IT Lab at the National Institute of Standards and Technology.

Deciding who needs it most, defined in the Federal Information Security Management Act as those with “significant information security responsibilities,” is easier said than done. It is a task that can lead to “spirited discussions,” wrote Mark Wilson of the IT Lab’s Computer Security Division.
Using too broad a definition can prove a drain on limited training resources. “On the other side of the coin, if an organization pays lip service to the requirement and identifies too few personnel in a ‘check the box’ solution to the FISMA requirement, personnel who actually do have significant security responsibilities will not have the information security training that they need to protect the organization’s information and information system resources,” Wilson wrote.

NIST is updating its Special Publication 800-50, “Building an Information Technology Security Awareness and Training Program,” published in 2003, but in the meantime the June IT Lab bulletin, “How to Identify Personnel with Significant Responsibilities for Information Security,” offers some interim guidance.

One comment

  1. In my opinion, the lack of training has nothing to do with limited resources. The real problem is that leadership (at all levels) is not being held accountable for ensuring that personnel are being properly trained. There is a lot of money being wasted on IT projects that have little return on investment, which could have been set aside for training. Leadership’s priorities are messed up and claiming that there are limited resources is a convenient way to mask the truth.

