Bildungswissenschaft.info -- Zettelkasten

Karteikarten nach Stichwörtern
Awareness

66 Learning is a continuum TeX Lernen;Awareness;Motivation
Learning is a continuum; it starts with awareness, builds to training, and evolves into education.

67 Security Awareness TeX Awareness;Verhalten
Security awareness efforts are designed to change behavior or reinforce good security practices.

68 Awareness is not training. TeX Awareness;Verhalten
Awareness is not training. The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly.

69 Security Awareness: Roles and Responsibilities TeX Awareness;Sicherheit;Verhalten
While it is important to understand the policies that require agencies to develop and implement awareness and training, it is crucial that agencies understand who has responsibility for IT security awareness and training. This section identifies and describes those within an organization that have responsibility for IT security awareness and training.

70 Security Awareness: Training Parts TeX Awareness;Sicherheit;Verhalten
A successful IT security program consists of: 1) developing IT security policy that reflects business needs tempered by known risks; 2) informing users of their IT security responsibilities, as documented in agency security policy and procedures; and 3) establishing processes for monitoring and reviewing the program.

71 Awareness TeX Awareness;Sicherheit;Verhalten;Lernen;Training
Awareness is not training. The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly. In awareness activities the learner is a recipient of information, whereas the learner in a training environment has a more active role. Awareness relies on reaching broad audiences with attractive packaging techniques. Training is more formal, having a goal of building knowledge and skills to facilitate job performance.

72 Training TeX Awareness;Sicherheit;Verhalten;Lernen;Training
The »Training« level of the learning continuum strives to produce relevant and needed security skills and competency by practitioners of functional specialties other than IT security (e.g., management, systems design and development, acquisition, auditing).

73 Education TeX Awareness;Sicherheit;Verhalten;Lernen;Training
The »Education« level integrates all of the security skills and competencies of the various functional specialties into a common body of knowledge, adds a multi-disciplinary study of concepts, issues, and principles (technological and social), and strives to produce IT security specialists and professionals capable of vision and pro-active response.

74 steps in the development of an IT SAK TeX Awareness;Sicherheit;Verhalten;Lernen;Training
There are three major steps in the development of an IT security awareness and training program – designing the program (including the development of the IT security awareness and training program plan), developing the awareness and training material, and implementing the program.

75 Structuring an Agency Awareness and Training Program TeX Awareness;Sicherheit;Verhalten;Lernen;Training
An awareness and training program may be designed, developed, and implemented in many different ways. Three common approaches or models are described below: *[ [Model 1: Centralized policy, strategy, and implementation;] [Model 2: Centralized policy and strategy, distributed implementation; and] [Model 3: Centralized policy, distributed strategy and implementation.] ]*

76 Evaluating training effectiveness TeX Awareness; Sicherheit; Verhalten; Lernen; Training; Evaluation; Effektivität ;
Evaluating training effectiveness is a vital step to ensure that the training delivered is meaningful. Training is “meaningful” only when it meets the needs of both the student (employee) and the organization. If training content is incorrect, outdated, or inappropriate for the audience, the training will not meet student or organizational needs. If the delivery vehicle (e.g., classroom or computer-based training) is inappropriate, either in relation to the simplicity/complexity of the content or to the type of audience—or if there is an inadequate mix of vehicles in an agency’s overall training program—the training will not meet needs. Spending time and resources on training that does not achieve desired effects can reinforce, rather than dispel, the perception of security as an obstacle to productivity. Further, it can require the expenditure of far more resources in data or system recovery after a security incident occurs than would have been spent in prevention activities.

77 Purposes of Training Effectiveness Evaluation TeX Awareness; Sicherheit; Verhalten; Lernen; Training; Evaluation; Effektivität ;
Meaningfulness, or effectiveness, requires measurement. Evaluating training effectiveness has four distinct but interrelated purposes -- to measure: *[ [The extent to which conditions were right for learning and the learner’s subjective satisfaction;] [What a given student has learned from a specific course or training event, i.e., learning effectiveness;] [A pattern of student outcomes following a specific course or training event; i.e., teaching effectiveness; and] [The value of the specific class or training event, compared to other options in the context of an agency’s overall IT security training program; i.e., program effectiveness.] ]*

78 evaluation process TeX Awareness; Sicherheit; Verhalten; Lernen; Training; Evaluation;
An evaluation process should produce four types of measurement, each related to one of evaluation’s four purposes, as appropriate for three types of users of evaluation data: *[ [First, evaluation should yield information to assist the employees themselves in assessing their subsequent on-the-job performance.] [Second, evaluation should yield information to assist the employees’ supervisors in assessing individual students’ subsequent on-the-job performance.] [Third, it should produce trend data to assist trainers in improving both learning and teaching.] [Finally, it should produce return-on-investment statistics to enable responsible officials to allocate limited resources in a thoughtful, strategic manner among the spectrum of IT security awareness, security literacy, training, and education options for optimal results among the workforce as a whole.] ]*

79 levels of evaluation TeX Awareness; Sicherheit; Verhalten; Lernen; Training; Evaluation;
Four levels of evaluation, in order of complexity, are: *[ [Level 1: End-of-Course Evaluations (Student Satisfaction)] [ Level 2: Behavior Objective Testing (Learning Effectiveness, which is also a measure of Teaching Effectiveness)] [Level 3: Job Transfer Skills (Performance Effectiveness)] [ Level 4: Organizational Benefit (Training Program Effectiveness)] ]* Altogether, the four levels match the four purposes of training evaluation [...] in a staged manner.

100 Setting the bar TeX Awareness; Sicherheit; Komplexität
Setting the bar means that a decision must be made as to the complexity of the material that will be developed; it applies to all three types of learning – awareness, training, and education.

139 Security Awareness: required for TeX Sicherheit;Awareness;SAK;Verhalten;Zielgruppe
“Security Awareness” is explicitly required for ALL employees, whereas “Security Basics and Literacy” is required for those employees, including contractor employees, who are involved in any way with IT systems. In today’s environment this typically means all individuals within the organization.

140 Security Basics and Literacy TeX Sicherheit;Awareness;SAK;Verhalten;Zielgruppe
The “Security Basics and Literacy” category is a transitional stage between “Awareness” and “Training.” It provides the foundation for subsequent training by providing a universal baseline of key security terms and concepts.

141 Roles and Responsibilities Relative to IT Systems TeX Sicherheit;Awareness;SAK;Verhalten;Zielgruppe
After “Security Basics and Literacy,” training becomes focused on providing the knowledges, skills, and abilities specific to an individual’s “Roles and Responsibilities Relative to IT Systems.” At this level, training recognizes the differences between beginning, intermediate, and advanced skill requirements.

142 Education and Experience TeX Sicherheit; Awareness; SAK; Verhalten; Zielgruppe;
The ›Education and Experience‹ level focuses on developing the ability and vision to perform complex multi-disciplinary activities and the skills needed to further the IT security profession and to keep pace with threat and technology changes.

143 Awareness Activity TeX Sicherheit;Awareness;SAK;Verhalten
Learning achieved through a single awareness activity tends to be short-term, immediate, and specific. Training takes longer and involves higher-level concepts and skills. For example, if a learning objective is “to facilitate the increased use of effective password protection among employees,” an awareness activity might be the use of reminder stickers for computer keyboards. A training activity might involve computer-based instruction in the use of passwords, parameters, and how to change the passwords for organization systems.

144 Effective IT security awareness presentations TeX Sicherheit;Awareness;SAK;Verhalten;
Effective IT security awareness presentations must be designed with the recognition that people tend to practice a tuning-out process called acclimation. If a stimulus, originally an attentiongetter, is used repeatedly, the learner will selectively ignore the stimulus. Thus, awareness presentations must be on-going, creative, and motivational, with the objective of focusing the learner’s attention so that the learning will be incorporated into conscious decision-making. This is called assimilation, a process whereby an individual incorporates new experiences into an existing behavior pattern.

145 Learning achieved through a single awareness activity TeX Sicherheit;Awareness;SAK;Verhalten;Lernen
Learning achieved through a single awareness activity tends to be short-term, immediate, and specific. Training takes longer and involves higher-level concepts and skills. For example, if a learning objective is “to facilitate the increased use of effective password protection among employees,” an awareness activity might be the use of reminder stickers for computer keyboards. A training activity might involve computer-based instruction in the use of passwords, parameters, and how to change the passwords for organization systems.




Startseite Neue Karte
Autor: Stefan Schumacher, Stefan.Schumacher [at] Bildungswissenschaft [dot] info
$Id: karteikarten-nach-stichwoertern.pl,v 1.9 2017/10/18 18:16:57 stefan Exp $
$Id: global_includes_zk.pm,v 1.11 2011/04/10 13:39:05 stefan Exp $
Impressum

(Anzeige) Mehr zu mir auf meiner Agenturseite: Kaishakunin.com
$Id: global_includes_zk.pm,v 1.11 2011/04/10 13:39:05 stefan Exp $