Information Technology Reference
In-Depth Information
−
Revenue sustainment
Mission realization/mission integrity
SLAs, e.g., uptime SLAs for E-commerce site
Customer satisfaction; contract renewal
n
−
n
n
−
Cost
Cost reduction
Time spent chasing malware issues now spent on core service
Cost avoidance
Legislative compliance; SLA penalties
n
−
n
12.8
Awareness, training, and
education (Ate) Framework
All people start at the point of not knowing that they do not know, that is, they lack
awareness. Being aware means that you now know you do not know, or you now
know about something but lack depth of knowledge. With depth of knowledge
comes varying degrees of understanding, fluency, and skill. The depth of under-
standing is a combination of capability (capacity), desire, and practice. In the con-
text of IA
2
, this progression of learning follows a path to secure use:
n
n
n
n
n
Awareness
Understanding
Use
Efective use
Secure use
Awareness arises from a foundation of not knowing what you do not know.
After awareness, you know about something; there is a large difference between
knowing about something and knowing that thing. Knowing that thing is in the
realm of understanding. Knowledge precedes action and knowledge begets the
capability for use. As someone begins to use a thing, he or she begins to inquire
more into the nuances of that thing and incorporate this knowledge into ever more
refined use. This iterative process results in increasing effective use. The discipline
of information security or information assurance adds the notion of secure use.
Secure use follows effective use on the presumption that to use something securely
requires at least some level of effective use.
The ATE framework may apply to internal orientation of employees. Addition-
ally, the ATE framework applies to outreach programs as part of a campaign to
inform and persuade others with regard to security. Establishing objectives (desired
outcomes) for each level of the ATE framework provides interim goals and mile-
stones to measure progress toward those goals. With this premise in mind, let us
proceed to define a series of objective categories:
