LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

Which seven steps does NIST SP 800-12 define for a formalized security awareness training program?

Scope & objectives → trainers → target groups → motivation → run the program → keep it current → evaluate effectiveness.

NIST SP 800-12, Chapter 13:

  1. Umfang und Zielsetzung identifizieren — identify scope and objectives
  2. Trainer identifizieren — who delivers the training (credibility matters)
  3. Zielgruppen identifizieren — identify target audiences
  4. Management und Mitarbeiter motivieren — motivate management and staff (buy-in before content)
  5. Das Programm einführen und verwalten — implement and administer the program
  6. Das Programm aktuell halten — keep it current
  7. Die Wirksamkeit evaluieren — evaluate effectiveness

Why a formalized process: it ensures the relevant security requirements reach the right people — instead of one generic e-learning for everyone, which bores experts and overwhelms novices.

Tip: Note steps 6 and 7 — the program is a loop, not a launch: maintenance and effectiveness measurement are built into the process, mirroring the ISMS's own PDCA/KVP logic.

Go deeper:

From Quiz: ISM / The Human Factor — Security Awareness | Updated: Jul 05, 2026