Develop a Security Education, Training, and Awareness (SETA) Plan
Develop a Security, Education, Training, and Awareness (SETA) plan for the IT department support personnel. Your SETA plan will have three sections (one for the Education, Training and Awareness programs). At a minimum, include a description of the program, the intended personnel targeted for the program, implementation plans, schedule for training, and methods for delivering the programs.
Paper For Above Instructions
Introduction
This SETA plan provides a structured, role‑based approach to Security Education, Training, and Awareness for IT department support personnel. Its goals are to reduce human risk, align staff skills with organizational security requirements, and create a measurable culture of security. The plan addresses three distinct but complementary programs—Education, Training, and Awareness—each defined, targeted, scheduled, and delivered using best practices and industry guidance (NIST, 2003; NIST, 1998).
1. Security Education Program
Description
The Education program focuses on in‑depth theoretical knowledge and professional development for IT support personnel who require a deep understanding of information security principles, policies, and standards. Education emphasizes concepts such as secure design, risk management, regulatory requirements, and incident response frameworks (ISO, 2013; Peltier, 2016).
Intended Personnel
Targeted personnel include senior support engineers, system administrators, network engineers, security analysts, and lead technical staff preparing for certifications or security leadership roles (NIST, 1998).
Implementation Plan
Implement a blended academic and professional development track: sponsor certifications (e.g., CISSP, CEH), provide subscriptions to professional coursework, and support tuition reimbursement for relevant university courses. Assign learning paths based on role profiles and required competencies. Integrate mentoring and project‑based assignments that apply theory to Baker’s operational environment (NIST, 1998; Whitman & Mattord, 2017).
Schedule
Offer semester‑style cohorts (12–16 weeks) twice per year for intensive education tracks. New cohort enrollment occurs at the start of each fiscal quarter for staggered progression. Senior staff should complete at least one advanced education course per year.
Delivery Methods
Use accredited online learning platforms, university partnerships, instructor‑led workshops, and lab environments for hands‑on exercises. Document progress in an LMS and require capstone projects or assessments that demonstrate competency (NIST, 1998; SEI CERT Division, 2014).
2. Security Training Program
Description
Training delivers practical, role‑specific skills enabling personnel to perform secure tasks and follow procedures. Training focuses on tool use, secure configuration, patch management, access control administration, and incident handling processes (NIST, 2003; NIST, 2020).
Intended Personnel
Targeted personnel include help desk staff, desktop support, patch management technicians, junior sysadmins, and contractors who perform day‑to‑day operational tasks.
Implementation Plan
Define skill matrices for each role and map training modules to those matrices. Develop mandatory onboarding training for new hires (role orientation, security baseline) and role‑based training modules (network hardening, endpoint security, secure ticket handling). Establish training owners in IT and security teams to maintain curriculum and schedules (ENISA, 2017).
Schedule
Require completion of onboarding training within the first 30 days of hire. Provide quarterly role refreshers and targeted upskilling sessions after major platform changes or security incidents. Annual recertification is mandatory for core operational tasks.
Delivery Methods
Deliver training via an LMS for modular e‑learning, combined with hands‑on lab sessions, simulated incident drills, and job‑shadowing. Use microlearning modules (10–20 minutes) for tool updates and long‑form workshops for deeper skills. Track completion and competency with practical assessments and supervisor validation (SANS Institute, 2019).
3. Security Awareness Program
Description
The Awareness program builds broad organizational understanding of security risks and desired behaviors. It is behaviorally focused, aiming to reduce phishing susceptibility, improper data handling, and policy violations (NIST, 2003; Verizon, 2023).
Intended Personnel
All IT support personnel plus contractors and temporary staff who interact with systems and users. Awareness also extends to cross‑functional teams that interface with IT.
Implementation Plan
Launch an ongoing campaign featuring monthly themes (e.g., phishing, password hygiene, remote work security). Integrate realistic phishing simulations, short video modules, newsletters, posters, and leader communications. Tie awareness metrics to performance reviews to incentivize compliance (ENISA, 2017; SANS Institute, 2019).
Schedule
Provide mandatory awareness orientation in week one of employment. Deploy monthly micro‑campaigns and quarterly simulated phishing tests. Issue annual organization‑wide awareness refreshers and conduct post‑incident focused campaigns as needed.
Delivery Methods
Use multi‑channel delivery: LMS microlearning, email newsletters, intranet banners, short videos, digital signage, and live town halls. Employ gamification and leaderboards for engagement and use simulated phishing as a behavioral metric (Verizon, 2023).
Assessment, Metrics, and Continuous Improvement
Measure program effectiveness with defined metrics: training completion rates, assessment pass rates, simulated‑phishing click rates, mean time to remediate misconfigurations, and post‑training performance reviews. Conduct an annual training needs analysis and incorporate lessons learned from incidents. Use the Plan‑Do‑Check‑Act cycle for continuous improvement (NIST, 2003; ISO/IEC, 2013).
Roles, Governance, and Budget
Appoint a SETA program manager accountable for content, LMS management, and reporting. Form a cross‑functional steering committee (IT, HR, Legal, and Risk) to prioritize topics and approve budgets. Allocate funding for LMS licensing, external instructors, certifications, simulation tools, and staff time (Peltier, 2016).
Risk Mitigation and Compliance
Align SETA objectives with regulatory and contractual requirements and map training to controls in ISO/IEC 27001 and NIST frameworks. Use role‑based evidence of training completion for audits and maintain records in the LMS (ISO/IEC, 2013; NIST, 2020).
Conclusion
This SETA plan balances deep education for senior staff, practical training for operational roles, and broad awareness campaigns for behavior change. By using role‑based curricula, blended delivery methods, scheduled refreshers, and measurable outcomes, the IT department will reduce security incidents and strengthen organizational resilience (NIST, 2003; SANS Institute, 2019).
References
- NIST. (2003). NIST Special Publication 800‑50: Building an Information Technology Security Awareness and Training Program. National Institute of Standards and Technology. https://csrc.nist.gov/publications/detail/sp/800-50
- NIST. (1998). NIST Special Publication 800‑16: Information Technology Security Training Requirements: A Role‑and Performance‑Based Model. National Institute of Standards and Technology. https://csrc.nist.gov/publications/detail/sp/800-16
- ISO/IEC. (2013). ISO/IEC 27001:2013 Information Security Management. International Organization for Standardization. https://www.iso.org/isoiec-27001-information-security.html
- SANS Institute. (2019). Security Awareness: Building a Security‑Savvy Workforce. SANS Security Awareness. https://www.sans.org/security-awareness-training/
- ENISA. (2017). Good Practice Guide on Security Culture. European Union Agency for Cybersecurity. https://www.enisa.europa.eu/
- Verizon. (2023). 2023 Data Breach Investigations Report. Verizon. https://www.verizon.com/business/resources/reports/dbir/
- Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management. CRC Press.
- Whitman, M. E., & Mattord, H. J. (2017). Principles of Information Security. Cengage Learning.
- SEI CERT Division, Carnegie Mellon University. (2014). Workforce Development and Training Guidance. Carnegie Mellon University. https://www.sei.cmu.edu/
- NIST. (2020). NIST Special Publication 800‑53: Security and Privacy Controls for Information Systems and Organizations. National Institute of Standards and Technology. https://csrc.nist.gov/publications/detail/sp/800-53