ISM-0252

Cyber security awareness training is undertaken annually by all personnel and covers:
• the purpose of the cyber security awareness training
• security appointments and contacts
• authorised use of systems and their resources
• protection of systems and their resources
• reporting of cyber security incidents and suspected compromises of systems and their resources.

Topic: Providing cyber security awareness training
Applicable to: all
Priority: must

History

Mar 2022
Cyber security awareness training is undertaken annually by all personnel and covers:
• the purpose of the cyber security awareness training
• security appointments and contacts
• authorised use of systems and their resources
• protection of systems and their resources
• reporting of cyber security incidents and suspected compromises of systems and their resources.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
Sep 2019
Ongoing cyber security awareness raising and training is provided to personnel and includes:
• the purpose of the cyber security awareness raising and training program
• security appointments and contacts within the organisation
• the authorised use of systems and their resources
• the protection of systems and their resources
• reporting of cyber security incidents and suspected compromises of systems and their resources.
Security control 0252 was modified to focus on the high level elements of cyber security awareness raising and training.
Aug 2019
Ongoing cyber security awareness raising and training is provided to personnel and includes:
• the purpose of the awareness raising and training program
• security appointments and contacts within the organisation
• the use and protection of systems, applications, media and information
• reporting of cyber security incidents and suspected compromises
• not to introduce or use unauthorised ICT equipment, media or applications with systems
• not to attempt to bypass, strain or test security controls on systems
• not to attempt to gain unauthorised access to systems, applications or information.
2017
Agencies must provide ongoing information security awareness and training for personnel on information security policies including topics such as responsibilities, consequences of non-compliance, and potential security risks and counter-measures.
Control text changed. No public explanation.
2015
Agencies must provide ongoing information security awareness and training for personnel on information security policies including topics such as responsibilities, consequences of non-compliance, and potential security risks and counter-measures.
2010
Agencies must provide ongoing information security awareness and training for personnel on information security policies including topics such as responsibilities, consequences of non-compliance, and potential security risks and counter-measures.
2008
Agencies must provide ongoing ICT security awareness and training for staff members on topics such as responsibilities, consequences of non-compliance with ICT security policies and procedures and potential ICT security risks and counter-measures.