Security Control 9:
Security Skills Assessment and Appropriate Training to Fill Gaps
Find knowledge gaps, and fill them with exercises and training: Develop a security skills assessment program, map training against the skills required for each job, and use the results to allocate resources effectively to improve security practices.
Key: REQ = Required, REC = Recommended, OPT = Optional
ID | Details | High | Med | Low |
---|---|---|---|---|
9.1 | Have employees and contractors take security awareness training at least annually to ensure they understand the information security policies and procedures, as well as their role in those procedures. | REQ | REQ | REQ |
9.2 | If necessary, develop security awareness training for various personnel job descriptions. The training should include specific, incident-based scenarios showing the threats the unit faces, and should present proven defenses against the latest attack techniques. | REQ | REQ | REQ |
9.3 | Provide awareness sessions for users who are not following policies after they have received appropriate training. | REQ | REQ | REQ |