Financial institutions need to educate users regarding their
security roles and responsibilities. Training should support
security awareness and strengthen compliance with security
policies, standards, and procedures. Ultimately, the behavior
and priorities of senior management heavily influence the level of
employee awareness and policy compliance, so training and the
commitment to security should start with senior management.
Training materials for desktop and workstation users would
typically review the acceptable-use policy and include issues such as
desktop security, log-on requirements, and password administration
guidelines. Training should also address social
engineering and the policies and procedures that protect against
social engineering attacks. Many institutions integrate a
signed security awareness agreement along with periodic training
and refresher courses.