Monitoring Compliance
Once a security awareness program has been implemented, processes should be put in place to monitor compliance and effectiveness. An automated tracking system may be used to capture key information regarding program activity (e.g., courses, dates, attendees). Ideally, the tracking system should capture this data at the organization level, so that it can be used to provide enterprise-wide analysis and reporting regarding awareness, training, and education initiatives.
Typical users of this data would include:
- CIOs – Can use the data to support strategic planning, inform the organization head and other senior management officials on the health of the IT security awareness and training program, identify in-house capability and critical needs in security workforce, perform program analysis, identify activity enterprise-wide, assist in security and IT budgeting, identify the need for program improvement, and assess compliance.
- IT Security Program Managers – Can use the data to support security planning, provide status reports to the CIO and other management and security personnel, justify requests for funding, demonstrate compliance with organization-established goals and objectives, identify vendors and other training sources, respond to security-related inquiries, identify current coverage, and make adjustments for critical omissions.
- Human Resource Departments – Can use the data to ensure that an effective mechanism exists for capturing all security-related training, identify IT security training-related costs, assist in the establishment of position descriptions, support status reporting, respond to training inquiries, and aid in professional development.
- Organization Training Departments – Can use the data to assist in developing overall organization training strategy, establish training database requirements tied to security directives, identify possible training sources, support training requests, identify course relevance and popularity, support budgeting activity, and respond to inquiries.
- Functional Managers – Can use the data to monitor their users' training progress and adjust user training plans as needed, get status reports and respond to inquiries regarding security training in their components, and identify training sources and costs to assist with budget requests and proposals.
- Auditors – Can use the data to monitor compliance with security directives and organization policy.
- Chief Financial Officers (CFOs) – Can use the data to respond to budget inquiries, assist in financial planning, and provide reports to the organization head and senior managers regarding security training funding activities.





