(ISC)² – a nonprofit association of certified cybersecurity professionals – has published "The Enterprise Guide to Establishing a Cybersecurity Training Program," designed to help companies create cybersecurity training plans that can be tailored to an organization’s specific needs.
The 20-page guide is a collection of best practices and guidance from subject matter experts in the field, and gives organizations a blueprint to develop formal, standards-based cybersecurity training and education programs for employees.
The guide covers three major tenets that must guide all training efforts, as well as best practices for determining who should be involved in training, how to design the curriculum, considerations for funding cybersecurity certifications, and ways to track the effectiveness of organizational programs.
In addition, the guide details how to identify those responsible for protecting an organization’s critical assets in a section specifically devoted to “Who Needs Training” and highlights how human resources, cybersecurity and IT teams can work together to decide which areas of training and assessments are needed and how to roll them out.