Department of Health and Human Services – Role-Based IT Training for Administrators
3.2 3.2.1 3.2.2 Awareness and Training
https://www.hhs.gov/sites/default/files/hhs-etc/rbt-it-training/index.html
This security training from the HHS is an example of requirements and guidance to provide appropriate role-based security training.
EC-Council Security Awareness Training: 6 Important Training Practices
3.2 3.2.1 3.2.2 Awareness and Training
https://aware.eccouncil.org/security-awareness-training-6-important-training-practices.html
This blog discusses security awareness best practices and references other awareness training topics.
Environmental Protection Agency Information Security – Awareness and Training Procedures
3.2 3.2.1 3.2.2 Awareness and Training
https://19january2017snapshot.epa.gov/sites/production/files/2016-01/documents/cio_2150-p-02.2.pdf
The purpose of this example procedure from the EPA is to help with implementing the security control requirements for the Awareness and Training (AT) control family.
https://www.knowbe4.com/resources/whitepapers/comprehensive-anti-phishing-guide
An e-book that covers techniques to minimize cybersecurity risk due to phishing and social engineering attacks.
https://www.knowbe4.com/security-awareness-training
KnowBe4 is a large security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering.
NIST SP 800-181 Rev 1: Workforce Framework for Cybersecurity (NICE Framework)
3.2 3.2.1 3.2.2 Awareness and Training
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181r1.pdf
This publication from the National Initiative for Cybersecurity Education (NICE) describes the Workforce Framework for Cybersecurity (NICE Framework), a fundamental reference for describing and sharing information about cybersecurity work.
NIST SP 800-50 Rev 1: Building a Cybersecurity and Privacy Learning Program
3.2 3.2.1 3.2.2 Awareness and Training
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-50r1.pdf
This publication provides guidance for federal agencies and organizations to develop and manage a life cycle approach to building a Cybersecurity and Privacy Learning Program (CPLP).
PCI Security Standards Council Whitepaper – Best Practices for Implementing a Security Awareness Training Program
3.2 3.2.1 3.2.2 Awareness and Training
https://listings.pcisecuritystandards.org/documents/PCI_DSS_V1.0_Best_Practices_for_Implementing_Security_Awareness_Program.pdf
This guide focuses on organizational security awareness and security awareness content, and provides a security awareness training checklist.
SANS Whitepaper – Developing an Integrated Security Training, Awareness, and Education Program
3.2 3.2.1 3.2.2 Awareness and Training
https://www.sans.org/white-papers/1160
This SANS whitepaper describes how to successfully implement a comprehensive Security Training, Awareness, and Education program.
https://securityawareness.dcsa.mil/cybersecurity/index.htm
This course introduces the threats and vulnerabilities faced when working within the government or defense industrial systems.