Building a Cybersecurity and Privacy Learning Program: NIST Releases SP 800-50r1


Source: National Institute of Standards and Technology, Information Technology news

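NIST Special Publication (SP) 800-50r1 (Revision 1), Building a Cybersecurity and Privacy Learning Program, provides updated guidance for developing and managing a robust cybersecurity and privacy learning program in the federal government. This revision is informed by the National Defense Authorization Act (NDAA) for Fiscal Year 2021, the Cybersecurity Enhancement Act of 2014, and the NICE Workforce Framework for Cybersecurity (NICE Framework). In addition, the 2016 update to Office of Management and Budget (OMB) Circular A-130 emphasizes the role of both privacy and security in the federal information life cycle and requires agencies to have both security and privacy awareness and training programs.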

Building a Cybersecurity and Privacy Learning Program

This revision of SP 800-50:

  • Integrates privacy with cybersecurity in the development of organization-wide learning programs
  • Introduces a life cycle model that allows for ongoing, iterative improvements and changes to accommodate cybersecurity, privacy, and organization-specific events
  • Introduces a learning program concept that incorporates language found in other NIST documents
  • Leverages current NIST guidance and terminology in reference documents, such as the NICE Workforce Framework for Cybersecurity, the NIST Cybersecurity Framework, the NIST Privacy Framework, and the NIST Risk Management Framework
  • Proposes an employee-focused cybersecurity and privacy culture for organizations
  • Integrates learning programs with organizational goals to manage cybersecurity and privacy risks
  • Addresses the challenge of measuring the impacts of cybersecurity and privacy learning programs
  • Incorporates guidance for using standard instructional design elements, maturity models, and assessment approaches