- For each sample security awareness training policy that you reviewed in the step above, discuss the policy’s main components. You should focus on the need for a security awareness program and its key elements.2.
- Policy Statement
Define your policy verbiage.
3. Purpose/Objectives.
Define the policy’s purpose as well as its objectives.
4. Scope
Define whom this policy covers and its scope. What elements, IT assets, or organization-owned assets are within this policy’s scope?
5.Standards
Does the policy statement point to any hardware, software, or configuration standards? If so, list them here and explain the relationship of this policy to these standards.
6.Procedures
Explain how you intend to implement this policy for the entire organization.
7.Guidelines
Explain any roadblocks or implementation issues that you must overcome in this section and how you will surmount them per defined guidelines. Any disputes or gaps in the definition and separation of duties responsibility may need to be addressed in this section.
8. Identify three security awareness training software providers.
9.Identify 10 questions that you would include in your RFI.
0 comments