Back

Include ethical culture in the training plan, as necessary.


CONTROL ID
12801
CONTROL TYPE
Human Resources Management
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain training plans., CC ID: 00828

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Establish and regularly update a curriculum for each target group of employees considering: - Current and future business needs and strategy - Value of information as an asset - Corporate values (ethical values, control and security culture, etc.) - Implementation of new IT infrastructure and soft… (DS7.1 Identification of Education and Training Needs, CobiT, Version 4.1)
  • Develop a plan to educate the governing authority, management, the workforce, and the extended enterprise about their responsibilities and expected conduct. (OCEG GRC Capability Model, v. 3.0, P4.1 Define an Awareness and Education Plan, OCEG GRC Capability Model, v 3.0)
  • Individual accountability—explain what this means in the agency. (§ 5.2.1.3 ¶ 1(13), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)