A Security Practices Evaluation Framework

Perform Security Training

Ensure project staff are trained in security concepts, and in role-specific security techniques.

Description

Security training raises staff awareness of potential security risks and of approaches for mitigating those risks. While some security concepts (e.g. Confidentiality, Availability, and Integrity) apply in general, role-specific training (e.g. coding techniques, database management, design concerns) is also beneficial.

Practice Implementation Questions

  1. Is security treated as part of the onboarding process?
  2. Are project staff trained in general security principles?
  3. Are project staff trained in the security techniques they are expected to apply?
  4. Is refresher training scheduled periodically?
  5. Is further training scheduled periodically?
  6. Are security mentors available to the project?

Keywords

awareness program, class, conference, course, curriculum, education, hiring, refresher, mentor, new developer, new hire, on boarding, teacher, training