Educate and Train Users
Educate and Train Users
Effective education of all users of IT systems, including those within IT, requires identifying the training needs of each user group. In addition to identifying needs, this process includes defining and executing a strategy for effective training and measuring the results. An effective training program increases effective use of technology by reducing user errors, increasing productivity and increasing compliance with key controls, such as user security measures.
Identification of Education and Training Needs
Identification of Education and Training Needs
Establish and regularly update a curriculum for each target group of employees considering:
• Current and future business needs and strategy
• Value of information as an asset
• Organizational values (ethical values, control and security culture, etc.)
• Implementation of new IT infrastructure and software (i.e., packages, applications)
• Current and future skills, competence profiles, and certification and/or credentialing needs as well as required reaccreditation
• Delivery methods (e.g., classroom, web-based), target group size, accessibility and timing
Delivery of Training and Education
Delivery of Training and Education
Based on the identified education and training needs, identify target groups and their members, efficient delivery mechanisms, teachers, trainers, and mentors. Appoint trainers and organize timely training sessions. Record registration (including prerequisites), attendance and training session performance evaluations.
There are no PSGs published for this topic; however, the topic is under review for future PSGs |
Evaluation of Training Received
Evaluation of Training Received
Evaluate education and training content delivery upon completion for relevance, quality, effectiveness, the retention of knowledge, cost and value. The results of this evaluation should serve as input for future curriculum definition and the delivery of training sessions.