Information Systems Security Manager (ISSM) - Marine Corps ...
Information Systems Security Manager (ISSM) - Marine Corps ...
Information Systems Security Manager (ISSM) - Marine Corps ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
NAVSO P-5239-04SEPTEMBER 19953.5 Training and AwarenessThe <strong>ISSM</strong> is responsible for developing security training. This training will includetraining for INFOSEC personnel, training for IS users, and fostering INFOSEC awareness .The <strong>ISSM</strong> plans and develops Command and IS-specific training based on the securitypolicies and procedures documented in the Activity ISSP. The <strong>ISSM</strong> ensures that all newpersonnel are trained shortly after induction and that refresher training is providedperiodically to all personnel.ResponsibilityThe <strong>ISSM</strong> is responsible for developing two types of securitytraining: training for INFOSEC personnel (ISSOs and NSOs)and training for IS users. The <strong>ISSM</strong> is also responsible forfostering IS user security awareness.ImplementationINFOSEC PersonnelTrainingTraining for ISSOs and NSOs addresses all task areas requiredof the specific position.· Format: The format for training INFOSEC personneldepends on the Command structure and number ofsecurity personnel, as described below:- For large Commands with many ISSOs/NSOs, f ormaltraining sessions, using a brief-style format withhands-on demonstrations is beneficial- For small Commands having only one or twoISSOs/NSOs, informal or on-the-job training, usinghandbooks and/or handouts may be desired.When using either format, the <strong>ISSM</strong> should provide writtenguidelines of the responsibilities of the ISSO/NSO tailored forthe specific IS. Softcopy of documents on removable computermedia can be a cost effective substitute for hard copy versions.· Curriculum: Training curriculum should i nclude thefollowing:- Instruction for the performance of all CommandspecificINFOSEC procedures and duties- Samples of documentation to be developed by theISSO/NSO, as required by the specific Command,such as:24