...
When someone start in a new function, a new role of starts using of managing a new system there should be an initial security training. This initial training gives all security details about the security aspects of the new role or function. It will make the new person acquaintance with rules and regulations, processes and procedures for both day-to-day operations and for emergency situations. This applies for both usage of systems and for acquiring, designing, developing and managing systems.
Repeat Training
After initial training all people involved should have a repeat training on regular intervals. These might cover the same subjects as the initial training but ideally go into more detail or tpouich diffenrent subjects or the same subjects from a differnet angle. Just as initial training repeat training must be focused on teh targetted audience. Some training might be generic for all involved, some repeat training will be subject and role specific.
Security awareness training<…>
For awareness raising and maintaining several methods can be used. Security awarenss mostly means an adaption of behaviour and this is a difficult thing to achieve. Mostly this inviolves repeating a message and repeating it in different ways, with examples or with background informatiomn.
Training formats
Trainings can be in different formats. A training plan should use multiple formats and were possible training materials shoudl should be available for reveiw after traiiningreview after training. Of course the format mostly is already choosen by training content supplier, hoever when you have a hoice, choose different formats to make is more interesting for the trained subjects. Most used formats are: training classes, workshops, simulation sessions, books and other printed material, websites and wikis, MOOCs and other e-learning systems, games, instruction videos, recorded talks and presentations.
Maintenance of trainings and the training plan
...