Technical Training
Technical training comprises practices, technologies or services used in training security officers, system administrators or other personnel involved in the administration or development of information systems.
Individuals responsible for information technology security safeguards need in-depth training regarding the security methodologies and techniques required to configure, implement, administer, and maintain those safeguards. For example, a security administrator may need to know the method and techniques for granting various types of access rights to the database, how to set up and maintain an effective firewall to filter external access, and how to detect intrusions to the system. Typical sources for technical training include instructor-led programs (third-party or internal), commercial off-the-shelf training modules, technical publications, and operations manuals provided by the vendor.
[Adapted from materials provided by the Virginia
Alliance for Secure Computing
and Networking (VA SCAN -- see http://www.vascan.org
)]
University Standards for Technical Training
- The University establishes and maintains information technology security training programs to ensure that all individuals involved in managing, administering, designing, developing, implementing, or maintaining information resources are aware of their security responsibilities and know how to fulfill them.
- Information technology security training programs must be sufficient to provide their participants the expertise required to deal with the system components and information resources for which they are responsible. Such programs must include content that enables participants to identify and evaluate threats, vulnerabilities, and risks specific to those components and resources. The programs must include content about technical alternatives, methods, and standards that are appropriate for those components and resources and that can be used to effectively implement safeguards.