This bulletin is written to assist federal departments and agencies to meet their information security training responsibilities. Determining who has significant responsibilities for information security is the crucial first step that allows an organization to focus its information security training resources where they are most needed. Under the Federal Information Security Management Act (FISMA) of 2002, the head of each federal agency is directed to delegate to the Chief Information Officer (CIO) the authority to designate a senior agency information security officer known in many agencies as the Chief Information Security Officer (CISO). The CISO is responsible for, among other duties, training and overseeing personnel with significant responsibilities for information security, also known as significant information security responsibilities (SISRs). To help agencies identify those individuals with SISRs, the Information Technology Laboratory of the National Institute of Standards and Technology (NIST) is planning to update NIST Special Publication (SP) 800-50, Building an Information Technology Security Awareness and Training Program (October 2003). This bulletin provides interim assistance to federal organizations until the revision of NIST SP 800-50 has been completed.
This bulletin is written to assist federal departments and agencies to meet their information security training responsibilities. Determining who has significant responsibilities for information security is the crucial first step that allows an organization to focus its information security...
See full abstract
This bulletin is written to assist federal departments and agencies to meet their information security training responsibilities. Determining who has significant responsibilities for information security is the crucial first step that allows an organization to focus its information security training resources where they are most needed. Under the Federal Information Security Management Act (FISMA) of 2002, the head of each federal agency is directed to delegate to the Chief Information Officer (CIO) the authority to designate a senior agency information security officer known in many agencies as the Chief Information Security Officer (CISO). The CISO is responsible for, among other duties, training and overseeing personnel with significant responsibilities for information security, also known as significant information security responsibilities (SISRs). To help agencies identify those individuals with SISRs, the Information Technology Laboratory of the National Institute of Standards and Technology (NIST) is planning to update NIST Special Publication (SP) 800-50, Building an Information Technology Security Awareness and Training Program (October 2003). This bulletin provides interim assistance to federal organizations until the revision of NIST SP 800-50 has been completed.
Hide full abstract
Keywords
training; role-based training; awareness training; information security; significant responsibilities for information security; workforce planning; criteria; sources of criteria.
