Information Technology Security Training Requirements: A Role- and Performance-Based Model
The overall goal of this document is to facilitate the development or strengthening of a comprehensive, measurable, cost-effective IT security program which supports the missions of the organization and is administered as an integral element of sound IT management and planning. Protecting the value of an organization's information assets demands no less. This approach allows senior officials to understand where, in what way, and to what extent IT-related job responsibilities include IT security responsibilities, permitting the most cost-effective allocation of limited IT security training resources. The issuance of this document is not intended to significantly modify Federal agencies' ongoing IT security awareness programs and activities, or to invalidate their IT security training courses or courseware. Rather, their courses will require comprehensive review and revalidation in accordance with this new performance-based model and requirements. It is expected that agencies and organizations will find training gaps and will need to establish priorities and strategies for filling them. This process cannot be accomplished by a single organization's IT security program office working alone. Instead, it requires a broad, cross-organizational strategy at the executive level to bring together various functions and organizational entities that may not have previously worked together. The perspectives and expertise of training center personnel, course designers, program analysts, IT security specialists, training evaluators, and specialists in many related IT functional areas are all needed to achieve success. To assist in achieving this goal, this document identifies groups of individuals who will be able to use this guidance and suggests ways in which they may want to use it.
NIST Special Publication 800-16