NIST to Update Security Training

Friday, February 7, 2014 @ 05:02 PM gHale

The National Institute of Standards and Technology (NIST) will unveil this spring updated guidance on role-based cyber security training, which will help government agencies as well as private businesses protect information.

Known as Special Publication 800-16 Rev. 1, the guidance will focus on training tied to each individual’s role within the organization, teaching them specifically what they need to do to help protect their organization’s resources, said NIST Computer Scientist Patricia Toth, who is taking a lead role in developing the guidance.

“One example might be someone who is doing incident response,” she said. “They need to know very specifically, when an incident happens, how they need to report it, how they need to respond and what they need to do on their particular system to prevent any further damage.”

In keeping with the dynamic nature of the security environment, the new guidance will differ from the original document published more than 15 years ago. The guidance will also look at the differences between cyber security education and role-based training.

The guidance will also point out the challenges of determining whether the role-based training programs are effective.

The document aims to help those responsible for developing training get a better handle on what they need to cover in the modules or training courses they are putting together.

Toth is a supervisory computer scientist and has worked on documents and projects during her 22 years at NIST. She has been involved with the Federal Information Systems Security Educators’ Association and the National Initiative for Cybersecurity Education. She also helped write NIST’s security controls guidance.
