[ISN] OPM outlines four steps for IT security training

From: InfoSec News (isn@private)
Date: Mon Jun 14 2004 - 22:53:03 PDT


    http://www.gcn.com/vol1_no1/daily-updates/26205-1.html
    
    By Jason Miller 
    GCN Staff
    06/14/04 
    
    The Office of Personnel Management today outlined a four-step process
    for agencies to follow to ensure employees, contractors and others who
    access federal systems are adequately trained in IT security.
    
    The final rule, effective today, requires agencies to develop an IT
    security training plan.
    
    The plan should identify employees with significant cybersecurity
    responsibilities and provide role-specific training as detailed by the
    National Institute of Standards and Technology guidance. The rule
    said:
    
    * All users of agency systems must be exposed to security awareness 
      materials at least annually. 
    
    * Executives must receive training in IT security basics and policy 
      level training in security and planning management. 
    
    * Program managers, functional managers and IT functional and 
      operations personnel must receive training in IT security basics, 
      management and implementation level training in security planning and 
      system security management, application lifecycle management, 
      risk management and contingency planning. 
    
    * CIOs, IT security program managers, auditors and other security 
      personnel, such as system and network administrators, must receive 
      training in security basics and broad training in security planning, 
      system and application security management, and system lifecycle, 
      risk and contingency planning management. 
    
    Agencies also must provide all new employees training before granting
    them access to federal systems. Employees must be given refresher
    training as determined necessary by the agency based on the
    sensitivity of the information that the worker uses.
    
    Departments also must provide new training whenever there is a
    significant change in the IT environment or procedures.
    
    
    
    


