what issues to communicate, how to communicate them, and how to measure the
effectiveness of the program.
8.7.2 SETA Architecture
The foundation of the SETA architecture lies in the organizational compliance requirements, internal policy, and the results of the security awareness evaluation. An outline of SETA architecture includes:
- Evaluate current SETA environment.
  - Programs, delivery media
  - New hires, existing employees
  - Alignment with security policies and other business drivers or external compliance influences
- Define SETA principles.
  - Align with corporate goals and policy.
- Define core competencies; minimal knowledge base for an effective <position title> within <company name>.
  - Minimal knowledge base
    - Enumerate list of minimal knowledge.
    - Create a list or table of skills and training to develop skills.
  - Specialized knowledge base
    - Similar to above, only in specialized areas (e.g., IT, security, finance, sales, etc.); the focus in IA architecture is security.
- Evaluate skill base
  - Survey employees to determine current skill level.
  - Compare against minimal knowledge base.
  - Generate training plan to achieve minimal knowledge base and increase specialized knowledge base.
- Define development plans.
  - Prioritize according to:
    - Imminent need
    - Gap closure for policy compliance
  - Determine best delivery method.
    - Active
      - Live/in person, broadcast video, Web cast
    - Passive
      - CBT, Web based, document download
To avoid being arbitrary, devise the SETA architecture in consideration of best practices and industry standards, best practices for general security issues (horizontal issues across all industries), and security issues specific to industry verticals