Information Technology Reference
In-Depth Information
table 12.1
personal objectie-Centered Framework
a
Objective
Category
Effective
Use
Secure
Use
Awareness
Understanding
Use
Personal
Professional
Academic
a
Table purposely left blank.
12.9 SAte Framework
The security awareness, training, and education (SATE) framework is the ATE
framework with a security-specific focus. The SATE framework is as follows:
n
n
n
Security awareness
Security training
Security education
The same concepts apply as in the ATE framework, only with security-spe-
cific objectives. All members of the organization require some level of security
awareness. Some members require broader awareness, that is, greater awareness
of the breadth of security issues. Some members of the organization need security
depth by way of training (e.g., system administrator, network engineers, firewall
administrators, etc.). Security professionals require security education. The key
difference between training and education is one of mechanism focus versus con-
ceptual focus. Training provides the student with more mechanism skills, i.e.,
how to install and configure a firewall. Education provides the student with more
conceptual or philosophical insight into the reasons for a firewall, including its
fit in the greater technical scheme and the business drivers behind the need for
a firewall.
12.10 Se Framework
Systems engineering (SE) is a discipline to assist with system development and
delivery. The system framework (input, process, and output) provides a basis from
which to define an SE framework:
n
−
Input
Request
The acquisition of a capability, product, or service
n
