Security awareness training ensures that information systems users understand the security implications of their actions and increases the likelihood that information system security will not be breached, either intentionally or unintentionally. Without such training, users have an increased likelihood of breaching security and have lower individual culpability should they breach security.
- Default policy statements that define what the enterprise must do.
- Default procedures that define how the enterprise must do it.
- Baseline recommendations to customize the template to individual enterprise requirements.