Publication Citation: How To Identify Personnel With Significant Responsibilities For Information Security

Author(s): Mark Wilson
Title: How To Identify Personnel With Significant Responsibilities For Information Security
Published: June 22, 2010
Abstract: This bulletin is written to assist federal departments and agencies in meeting their information security training responsibilities. Determining who has significant responsibilities for information security is the crucial first step that allows an organization to focus its information security training resources where they are most needed. Under the Federal Information Security Management Act (FISMA) of 2002, the head of each federal agency is directed to delegate to the Chief Information Officer (CIO) the authority to designate a senior agency information security officer, known in many agencies as the Chief Information Security Officer (CISO). The CISO is responsible for, among other duties, training and overseeing personnel with significant responsibilities for information security, also known as significant information security responsibilities (SISRs). To help agencies identify those individuals with SISRs, the Information Technology Laboratory of the National Institute of Standards and Technology (NIST) is planning to update NIST Special Publication (SP) 800-50, Building an Information Technology Security Awareness and Training Program (October 2003). This bulletin provides interim assistance to federal organizations until the revision of NIST SP 800-50 has been completed.
Citation: ITLB -
Pages: 10 pp.
Keywords: Training; role-based training; awareness training; information security; significant responsibilities for information security; workforce planning; criteria; sources of criteria.
Research Areas: Computer Security, Information Delivery Systems