...
- Initial security training: getting acquaintanced with rules and regulations. Initital Initial training will be specific for a role or function.
- Repeat security training: on a regular basis repeat parts of the initial training and get more indepth training on specific subjects, related to a specific role or function.
- Regular security awareness training: repeated security awareness activities on several generic and actual subjects, a mix of high- end low-intensity
...
Trainings and the training plan need to be maintained on a regular bases. It is a good practice to set up and review the training plan on a yearly basis. Based upon feedback from training activities trainings you can identify if there is any training module that needs to be updates or replaced, or if there are any subjects missing or new subjects have come up. There also might be new trainings available within the communities or commercial that can be a good or better alternative for existing training modules.
Roles and responsibilities
Security training and awareness is the responsibility of everyone involved. The system owner should make sure there is an actual training plan in place and that it is used accordingly, and allocate funding or decide upon financing.The system owner will designate roles for executing teh training plan and the actual training activities. Thsi can be a dirstibuted role though it should be coordinated.
Funding
Hiring a tutor or buying tdaining materials will need budgets. As part of teh high level training plan a E-infrastructur eneeds to define howsecurity training an awareness is financed. When it is not funded from the E-infrastructure budgets clear appointments must be made on how will take which part of the costs.