Security Awareness Blog

Standards Requiring Security Awareness Training - Final

Folks, I'm excited to announce the first official release of "Security Awareness Compliance Requirements". This document lists all known standards and regulations that require security awareness training. Specifically, you will find the name of each regulation, the section within the regulation that requires awareness training, and links to more information. It is intended to be a resource for those in the audit field and for those looking to gain management support for their awareness program. I would like to thank the following people for helping add additional sources. If you have any more to add, let me know at lspitzner@sans.org.

  • Girard Jergensen on CobiT
  • Brian Honan on EU Data Privacy Directive
  • Alan Stockdale on US State privacy legislation
  • Marlon Borba on ISO/IEC 27001 & 27002

5 Comments

Posted July 5, 2011 at 1:06 PM

Martin Kelliher

GREAT resource. Thanks for compiling the list.

Posted July 5, 2011 at 1:23 PM

lspitzner

Thanks! If you have any suggestions for additional resources that can help you with your awareness program, please let me know.
lance

Posted July 14, 2011 at 6:54 PM

Reg Harnish

The compliance list is excellent, thank you!

Posted July 14, 2011 at 6:55 PM

Reg Harnish

Thank you for putting this list together, it's something I've been meaning to do for years.

Posted July 15, 2011 at 1:51 AM

lspitzner

Reg, thanks for the kind words! If you have any suggestions for other standards we need to add, please let me know!
lance