Categorize
Select
Implement
Assess
Authorize
Monitor








Use real life examples of
incidents
Use incidents as an
opportunity to teach
“what not to do”
The news has stories
everyday you can use
The best stories are often
those “closest to home”
However it serves at the least as a
subconscious reminder
Some people question the
usefulness of these warnings
http://iase.disa.mil/Pages/index.aspx
Control # Control Name
AT-1 Security Awareness and Training Policy and Procedures
AT-2 Security Awareness Training
AT-3 Role-Based Security Training
AT-4 Security Training Records
AT-5 Withdrawn
Understanding the Risk Management Framework & (ISC)2 CAP Module 14: Security Awareness & Training

Understanding the Risk Management Framework & (ISC)2 CAP Module 14: Security Awareness & Training