Security awareness training ensures that information systems users understand the security implications of their actions and increases the likelihood that information system security will not be breached, either intentionally or unintentionally. Without such training, users have an increased likelihood of breaching security and have lower individual culpability should they breach security.
This Security Awareness Training Policy includes the following sections:
- Default policy statements that define what the enterprise must do.
- Default procedures that define how the enterprise must do it.
- Baseline recommendations to customize the template to individual enterprise requirements.
Use this and the related templates to build an efficient and effective enterprise security policy.