Focus on Information Security Training and Awareness
The Interagency Guidelines Establishing Information Security Standards, issued under the Gramm-Leach-Bliley Act (GLBA) of 2001, require each financial institution to have a comprehensive written information security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of the institution and the nature and scope of its activities.
The following publications from NIST (the National Institute of Standards and Technology) outline a model for information security training and awareness programs. Although they were published several years ago, they remain the standard reference for such programs.
Building an Information Technology Security Awareness and Training Program
NIST Special Publication 800-50, Building An Information Technology Security Awareness and Training Program, provides guidance for building an effective information technology (IT) security program and supports requirements specified in the Federal Information Security Management Act (FISMA) of 2002 and the Office of Management and Budget (OMB) Circular A-130, Appendix III.
Information Technology Security Training Requirements: A Role- and Performance-Based Model
Federal agencies and organizations cannot protect the integrity, confidentiality, and availability of information in today's highly networked systems environment without ensuring that each person involved understands their roles and responsibilities and is adequately trained to perform them.