# Training*

# Types of Training

# Training

The formal presentation of material, often delivered by internal subject matter experts. It addresses and explains matters of the organization's policies, content mandated by regulation, and industry best practices for the organization's field.

# Education

The formal presentation of material in an academic setting, often for credit toward a degree.

# Awareness

The additional, informal, often voluntary presentation of material for the purpose of reminding and raising attention among staff.

# Training Program Categories

# Initial Training

Initial training is delivered to personnel when they first enter the employ of the organization. Often thorough and comprehensive, this should be mandatory for all personnel, regardless of their position or role. The content should be broad enough to address the security policies and procedures all staff will be expected to understand and comply with, but it should have sufficient specificity so that everyone knows hot to perform basic security functions.

Topics that might be covered could include the following:

  • Password policy
  • Physical security
  • The use of any security credentials or tokens
  • How to report security concerns
  • The acceptable use policy (AUP)

# Recurring Training

Recurring training is for continual updating of security knowledge that builds on the fundamentals taught in the initial training session. This should be done on a regular basis, on a schedule according to the needs of the organization, regulatory environment, and industry fluctuations. At the very least, each employee should receive recurring training annually.

  • Any updates and modifications to security practices and procedures
  • Changes to regulations and policies
  • Introduction of any new elements in the infrastructure

# Refresher Training

Refresher training sessions are offered to those personnel who have demonstrated a need for additional lessons. This might include those personnel who have had an extended absence from the workplace or who have missed a recurring training session.

# Additional Training Insights

  • Live Training
  • Online Courseware