NIST, Computer Security Division, Computer Security Resource Center
Awareness, Training, & Education (ATE)
Public Law 100-235 titled, "The Computer Security Act of 1987," mandated NIST and OPM to create guidelines on computer security awareness and training based on functional organizational roles. Guidelines were produced in the form of NIST Special Publication 800-16 titled, "Information Technology Security Training Requirements: A Role- and Performance-Based Model." The learning continuum modeled in this guideline provides the relationship between awareness, training, and education. The publication also contains a methodology that can be used to develop training courses for a number of audiences which may be deemed to have significant information security responsibilities. In October 2003, NIST also published Special Publication 800-50 - "Building an Information Technology Security Awareness and Training Program."
- Awareness
- To focus attention on security.
- Training
- To produce relevant and needed security skills and competency.
- Education
- To integrate all (security skills and competencies) into a common body of knowledge, adding a multidisciplinary study of concepts, issues, and principles.
- Professional Development (Organizations and Certifications)
- Implies a guarantee as meeting a standard by applying evaluation or measurement criteria.