Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Awareness, Training, & Education

Project Links

Project Overview

Public Law 100-235, "The Computer Security Act of 1987," mandated NIST and OPM to create guidelines on computer security awareness and training based on functional organizational roles. Guidelines were produced in the form of NIST Special Publication 800-16 titled, "Information Technology Security Training Requirements: A Role- and Performance-Based Model." The learning continuum modeled in this guideline provides the relationship between awareness, training, and education. The publication also contains a methodology that can be used to develop training courses for a number of audiences which may be deemed to have significant information security responsibilities. In October 2003, NIST also published Special Publication 800-50 - "Building an Information Technology Security Awareness and Training Program."

Awareness

To focus attention on security.

Training

To produce relevant and needed security skills and competency.

Education

To integrate all (security skills and competencies) into a common body of knowledge, adding a multidisciplinary study of concepts, issues, and principles.

Professional Development (Organizations and Certifications)

Implies a guarantee as meeting a standard by applying evaluation or measurement criteria.

Contacts

Nelson Hastings
nelson.hastings@nist.gov

Topics

Security and Privacy: awareness training & education

Related Projects

Small Business Center
Created May 24, 2016, Updated July 19, 2017