Publication Citation: Building an Information Technology Security Awareness and Training Program

Author(s): Mark Wilson; Joan Hash
Title: Building an Information Technology Security Awareness and Training Program
Published: October 01, 2003
Abstract: NIST Special Publication 800-50, Building An Information Technology Security Awareness and Training Program, provides guidance for building an effective information technology (IT) security program and supports requirements specified in the Federal Information Security Management Act (FISMA) of 2002 and the Office of Management and Budget (OMB) Circular A-130, Appendix III. The document identifies the four critical steps in the life cycle of an IT security awareness and training program: 1) awareness and training program design (Section 3); 2) awareness and training material development (Section 4); 3) program implementation (Section 5); and 4) post-implementation (Section 6). The document is a companion publication to NIST Special Publication 800-16, Information Technology Security Training Requirements: A Role- and Performance-Based Model. The two publications are complementary - SP 800-50 works at a higher strategic level, discussing how to build an IT security awareness and training program, while SP 800-16 is at a lower tactical level, describing an approach to role-based IT security training.
Citation: NIST SP - 800-50
Keywords: awareness; certification; design; develop; education; implement; maintain; metrics; training
Research Areas: Information Technology, Cyber Education, Computer Security
PDF version: PDF document (4MB)