“Security Awareness” is explicitly required for ALL employees, whereas “Security Basics and Literacy” is required for those employees, including contractor employees, who are involved in any way with IT systems. In today’s environment this typically means all individuals within the organization.

Sicherheit; Awareness; SAK; Verhalten; Zielgruppe;

{nist800-16} 'Mark Wilson and Dorothea E. {de Zafra} and Sadie I. Pitcher and John D. Tressler and John B. Ippolito' (2003) : Information Technology Security Training Requirements: A Role- and Performance-Based Model

The “Security Basics and Literacy” category is a transitional stage between “Awareness” and “Training.” It provides the foundation for subsequent training by providing a universal baseline of key security terms and concepts.

Sicherheit; Awareness; SAK; Verhalten; Zielgruppe;

{nist800-16} 'Mark Wilson and Dorothea E. {de Zafra} and Sadie I. Pitcher and John D. Tressler and John B. Ippolito' (2003) : Information Technology Security Training Requirements: A Role- and Performance-Based Model

After “Security Basics and Literacy,” training becomes focused on providing the knowledges, skills, and abilities specific to an individual’s “Roles and Responsibilities Relative to IT Systems.” At this level, training recognizes the differences between beginning, intermediate, and advanced skill requirements.

Sicherheit; Awareness; SAK; Verhalten; Zielgruppe;

{nist800-16} 'Mark Wilson and Dorothea E. {de Zafra} and Sadie I. Pitcher and John D. Tressler and John B. Ippolito' (2003) : Information Technology Security Training Requirements: A Role- and Performance-Based Model

The ›Education and Experience‹ level focuses on developing the ability and vision to perform complex multi-disciplinary activities and the skills needed to further the IT security profession and to keep pace with threat and technology changes.

Sicherheit; Awareness; SAK; Verhalten; Zielgruppe;

{nist800-16} 'Mark Wilson and Dorothea E. {de Zafra} and Sadie I. Pitcher and John D. Tressler and John B. Ippolito' (2003) : Information Technology Security Training Requirements: A Role- and Performance-Based Model