Awareness and Training Pattern
OpenSecurityArchitecture (OSA) distills the know-how of the security architecture community and provides readily usable patterns for your application. This is a free framework, developed and owned by the community.
When to Use
All organisations should maintain an awareness and training program.
When NOT to Use
None.
Typical Challenges
Choose an awareness content provider that can reduce the time needed to build a library of materials. Identify high-risk job roles for additional targeted messages and training. Align the content and format to the organisation's culture, make sure the style of messages resonates with the audience, and work with your organisation's internal communications team.
Threat Resistance
The 'human factor' is a crucial part of maintaining information security. Without addressing awareness and training for staff and third parties, it is unlikely you will meet your security goals.
Assumptions
None.
Mapped Controls (11)
- AT-01 Security Awareness And Training Policy And Procedures
- AT-02 Security Awareness
- AT-03 Security Training
- AT-04 Security Training Records
- PL-04 Rules Of Behavior
- PS-01 Personnel Security Policy And Procedures
- PS-02 Position Categorization
- PS-06 Access Agreements
- PS-07 Third-Party Personnel Security
- PS-08 Personnel Sanctions
- RA-03 Risk Assessment