• SP 800-16 Rev 1 updated the original document from 1998
• addresses the "awareness training" and "role-based training" needs outlined in both the FISMA Act of 2002 and the OPM mandate 5 CFR, Part 930.
• companion document to NIST Special Publication 800-50


• Information security professionals,
• instructional design specialists.

• It is critical to both national security and business interests to protect the information stored in digital format.
• In order to do this, employees who use these systems must be trained to use information systems both efficiently and securely.
• The goals of Special Publication 800-16 are to provide information security professionals and instructional design specialists with guidelines for implementing awareness training for an organization and specialized role-based training programs for users of its information
• NIST 800-16 introduces a "Learning Continuum" model of information security
• Basic Security Awareness
• Awareness Training (Basics and Literacy)
• Education
• Professional Development.
• Information security training matrices
• ADDIE instructional design method:
  • Analysis,
  • Design,
  • Development,
  • Implementation,
  • and Evaluation.
• Formative evaluation
• Summative evaluation
• Changes to program
• To ensure the confidentiality, integrity, and availability of information, every user of information systems must know their specific responsibilities and be properly motivated to carry out these responsibilities.
• The motivation comes from awareness of the issues, and the knowledge of, and education in, each individual's responsibilities need to come from a role-based information security training program.
• This NIST document helps agencies and organizations follow the ADDIE model to fill the gaps in their employees' knowledge.
• Not only is training critical to the continued success of an organization, it is also the law that training be put in place to protect the information in the organization's possession.