This site brings together a series of education and training modules prepared to teach introductory material with other modules contributed by their authors to the NIATEC project.
Characteristics of a sound learning program
To provide for the transition from Awareness to training there should be prescribed common knowledge base that would be expected for each of the functional categories. This grouping of knowledge was designated as Literacy and Information Systems Security Basics (LISSB) course by the eDACUM panel of experts. This approach facilitates the development of a common course (above the Awareness level) with much of the material drawn from the ‘Green Book’.
If an employee were to have had this LISSB course, he/she could be expected to enter any of the appropriate functional courses at the next higher level. AIS Security Basics (i.e., Computer Security Basics in the parlance of NIST SPEC PUB 500-172) is no longer synonymous with or co mingles with security awareness. These contents form the core of literacy and are a transition between awareness and training.
A distinction between awareness and training is that in the former, a learner is a passive recipient of information - while in the latter; a learner has a more active role in the learning process.
A primary role of awareness programs is to motivate audience to move into a training mode and actively seek more knowledge. A fundamental goal of training programs is to motivate learners to move knowledge and skills from short-term memory into long-term memory. If training has been complete, these knowledge and skills become chained sequences of behavior that require very little higher-level mental processing. This chaining makes behaviors automatic, predictable and reliable.
In organizations where these functions are not part of the information systems security function, collaboration between the corporate providers of training and the corporate planners of information systems security awareness is essential to developing and delivering quality-learning experiences.
In an education context, the employee would be encouraged to examine and evaluate not only skills and methods of work, but fundamental operating principles and tenants upon which job skills are based. The employee is using internalized concepts and skills to perform operations such as analyses, evaluation and judgment. This allows him/her to reach higher cognitive-level decisions that lead to the accommodation of newly integrated knowledge and skill.