Project 4: Develop the Training and Operations Plan

profileInca
EmployeeTrainingontheCloudOperationsPlan.pdf

Employee Training on the Cloud Operations Plan

An awareness and training program must support the business needs of the organization and be

relevant to the organization's culture and information technology architecture. The most successful

programs are those that users feel are relevant to the subject matter and issues.

Once the awareness and training program has been designed, supporting material can be developed.

Material should be developed with the following in mind:

"What behavior do we want to reinforce?"

"What skill or skills do we want the audience to learn and apply?"

In both cases, the focus should be on specific material that the participants should integrate into

their jobs. Attendees will pay attention and incorporate what they see or hear in a session if they

feel that the material was developed specifically for them. If a presentation feels so impersonal and

general that it could be given to any audience, attendees will not take it seriously. An awareness and

training program can be effective, however, if the material is interesting, current, and relevant.

The awareness audience must include all users in an organization. Users may include employees,

contractors, foreign or domestic guest researchers, other personnel, visitors, guests, and other

collaborators or associates requiring access. The awareness message program or campaign should

make all individuals aware of their commonly shared information security responsibilities.

On the other hand, the message in a training class is directed at a specific audience. The message in

training material should include everything related to security that attendees need to know in order

to perform their jobs. Training material is usually far more in-depth than material used in an

awareness session or campaign.

The program's implementation must be fully explained to the organization to achieve support for the

implementation and commitment of resources. This explanation includes expectations of

management and staff support, as well as expected results of the program and benefits to the

organization. Funding issues must also be addressed. For example, in the federal government, agency

managers must know if the cost to implement the awareness and training program will be totally

funded by the chief information officer (CIO) or information security program budget, or if the

agency managers' budgets will be impacted to cover their share of the expense of implementing the

Learning Topic

program. It is essential that everyone involved in the implementation of the program understand

their roles and responsibilities. In addition, schedules and completion requirements must be

communicated.

Once the plan for implementing the awareness and training program has been explained to (and

accepted by) management, the implementation can begin. Since there are several ways to present

and disseminate awareness and training material, organizations should tailor their implementation to

the size, organization, and complexity of their enterprise.

References

Chapter 4: Awareness and Training in NIST Special Publication 800-100, Information Security

Handbook: A Guide for Managers by Pauline Bowen, Joan Hash, and Mark Wilson comprises

public domain material from the National Institute of Standards and Technology, US

Department of Commerce.

© 2021 University of Maryland Global Campus

All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity of information

located at external sites.