The importance of a security, education, training and awareness program (November 2005)

The Safety Education Training and Awareness (SETA) program can be defined as an educational program designed to reduce the number of security breaches caused by a lack of employee safety awareness. The SETA program sets security tones for employees of the organization. Especially if it is part of employee recruitment. The awareness program explains the role of employees in the field of information security. The goal of security awareness improvement efforts is to participate. It is impossible to solve individual management problems by technology alone

Awareness raising and training programs are an important mechanism for disseminating safety information throughout the organization. They are designed to motivate safe behavior, motivate stakeholders to identify security issues, and educate them to respond accordingly. Since security awareness and training are driven not only by internal requirements of the organization but also by external empowerment, they also need to be consistent with regulatory and contractual compliance drivers. Current literature and guidelines such as ENISA and NIST highlight consistency with business needs, IT architecture, and workplace culture.

The Safety Education Training and Awareness (SETA) program can be defined as an educational program designed to reduce the number of security breaches caused by a lack of employee safety awareness. The SETA program sets security tones for employees of the organization. Especially if it is part of employee recruitment. The awareness program explains the role of employees in the field of information security. The goal of security awareness improvement efforts is to participate. It is impossible to solve individual management problems by technology alone

The important part to prevent this is the proper education of the company's employees. However, most enterprise security education and awareness programs are obsolete, obsolete, boring and lacking content tailored to specific roles within the organization. When doing such training, employees of the company often kick and cry, executives seek an exemption for a busy schedule, or force the assistant to complete the training. After such a lot of training programs, I really can not blame them.

Safety education, training, and awareness are not a substitute for technical security controls, but rather are complementary and complementary approaches that focus on individual roles and responsibilities. Departments and offices are responsible for developing a SETA plan for the project and making sure that all employees understand the responsibilities associated with the required safety education and awareness courses. Labor safety awareness and training should include at least the following, but not limited to: