Training Staff are required to provide training services and documentation to computer users and technical staff.
Training Staff must have appropriate training skills and thorough knowledge about the subjects they are training. They must be excellent writers and communicators.
Policies Affecting the Training Staff
Must Take Specific action
Password Policy - Need to train users and help them understand how to reset their password and create passwords that they can remember.
Remote Access Policy - Need to train users in how to get remote access.
Computer Training Policy - Need to train users aboout computer use, computer security, policies. Need to have several training programs for IT staff.
Acceptable Use Policy - Need to train users about acceptable use.
User Privilege Policy - Need to train users about the privileges that users are allowed to have on their workstations. They should understand how to change their privilege level if required.
Privacy and Confidentiality Policy - Need to train users.
Browser Configuration Policy - Need to train users to use a browser safely and why safe configuration is important.
Logon Banner Policy - Need to inform users about what the policy means and what the banner means.
Code of Ethical Conduct Policy - Need to train users. This should be part of policy training for everyone.
Internet Connection Policy - Need to train users. Users are only allowed to connect to the internet using specific methods.
Approved Application Policy - Need to train users. Users must realize they cannot install or have installed unapproved applications on their workstations.
Email Policy - Need to train users about the use of email, blockage of file types, and what happens when the email server detects a virus.
Certification and Accreditation Policy - Need to train those performing certifications or accreditations.
Information Sensitivity Policy - Need to train business owners about the need to categorize sensitive information and protect it.
Change Management Policy - Must train users in the use of software when it is new or modified when the modifications affect the user interface or capabilities.
Configuration Management Policy - Must train users in the use of software when it is new or modified when the modifications affect the user interface or capabilities.
Communication Policy - Must communicate the policies to users and train them in the ones specified.
IT Human Resource Policy - All employees must be trained regarding basic computer security, computer use, data retention, safety, and policies. Training in employee job roles may be required.
Customer Support Policy - Help desk staff must be trained in the use of help desk tools, tracking tickets, answering calls, how to prioritize tasks, and how to recognize security incidents. Trends in help desk tickets should be used to help identify users who need trained.
Must be Aware
Account Management Policy - May need to train users about account management processes.
Employee Termination Policy - May need to train users about what needs turned in when employees leave.
Wireless Communication Policy - May need to train users about use of wireless devices and how to get a device that is an approved wireless technology.
Incident Response Policy - Users must be trained about computer security. Help desk staff and other users must be trained in recognizing and handling security incidents. An incident response team may be required to be trained.
Disaster Recovery Policy - Train business users in the need for disaster recovery for critical or important business processes.
Auditing Policy - The auditing policy requires training in many areas.
Third Party IT Service Policy - User training may be required when third party software is purchased.
Quality Policy - Quality training should be provided for IT employees and management.