NIST Special Publication 800-50 is a security awareness program. It is designed for those people who
are currently working in the information technology field and want information on security policies.
Which of the following are some of its critical steps?
Each correct answer represents a complete solution. Choose two.
A. Awareness and Training Material Effectiveness
B. Awareness and Training Material Development
C. Awareness and Training Material Implementation
D. Awareness and Training Program Design
Explanation:
NIST Special Publication 800-50 is a security awareness program. It is designed for those people who
are currently working in the information technology field and want information on security policies.
It supports the requirements that are specified in the Federal Information Security Management Act
(FISMA) of 2002 and the Office of Management and Budget (OMB) Circular A-130, Appendix III. In
this program, people can learn security policies, procedures, and techniques that can help them
secure their IT resources. The IT security awareness program identifies four critical steps, which are
as follows:
Awareness and Training Program Design (Section 3). The training documents are developed and
approved for the support of the security awareness program.
Awareness and Training Material Development (Section 4). This step of the security awareness
program focuses on the availability of training resources and material.
Program Implementation (Section 5). This step focuses on the delivery of the training material and
addresses effective communication and roll-out of the awareness and training program.
Post-Implementation (Section 6). This step focuses on the effectiveness of the security awareness
program.