Using the NIST Cybersecurity Framework and the organizational knowledge gained in the prior assignments, apply the Protect function to design a Security Awareness and Training Program. Specifically, the training should educate all staff on the need to secure network components to ensure network security for all hardware, software, and business functions that could be impacted.
The training program should include the following from the IT Security Learning Continuum:
- Education – describe the level of education and professional development that is needed for staff who manage cybersecurity operations in the organization.
- Training – describe each competency area of focus and the intended user audience.
- Awareness – describe each topic to be included in each awareness session or material for distribution.
- Using the NIST SP 800-50 document linked in the weekly resources as a guide, specifically Section 3, “Designing an Awareness and Training Program”, select Model 1, Model 2, or Model 3 to structure your program, and then justify why this model is best aligned with the needs of the organization.
- Describe how the program supports relevant governance, risk, and compliance strategies and policies for improving information security within the organization.
- Justifications for each recommendation should be supported by the NIST CSF and other industry-accepted standards.