Annual CyberSecurity Awareness Training

INFOSECACT Model of Conducting a Needs Assessment:

A needs assessment is a process that can be used to determine an organization’s awareness and training needs. The results of a needs assessment can provide justification to convince management to allocate adequate resources to meet the identified awareness and training needs.

In conducting a needs assessment, it is important that key personnel be involved. As a minimum, the following roles should be addressed in terms of any special training needs:

• Executive Management – Organizational leaders need to fully understand directives and laws that form the basis for the security program. They also need to comprehend their leadership roles in ensuring full compliance by users within their units.

 • Security Personnel (security program managers and security officers) – These individuals act as expert consultants for their organization and therefore must be well educated on security policy and accepted best practices.

• System Owners – Owners must have a broad understanding of security policy and a high degree of understanding regarding security controls and requirements applicable to the systems they manage.

• System Administrators and IT Support Personnel – Entrusted with a high degree of authority over support operations critical to a successful security program, these individuals need a higher degree of technical knowledge in effective security practices and implementation.

• Operational Managers and System Users – These individuals need a high degree of security awareness and training on security controls and rules of behavior for systems they use to conduct business operations.