Role-based Awareness Training – CompTIA Security+ SY0-501 – 5.1

Training that you provide to your users should be customized to their job roles. In this video, you’ll learn about the various corporate and user roles associated with an application instance.


When new users start using an application, or when someone is new to the organization, you may want to provide some role-based security awareness training. This is usually a specialized type of training that is specific to the role that this particular user has with this application or with this data. That’s because each user role is going to have unique security requirements when it comes to these assets.

You also want to apply this training when you’re working with third parties. If you have contractors, partners, or suppliers that are accessing these applications, you want to be sure they understand the security implications of doing that. This also allows you as the security administrator to make sure that everybody knows about the security requirements. If problems are found later, you can always go back to the training and make sure that everyone was aware of exactly what the requirements were from the very beginning.

One of the roles that you would create training for is the data owner. This is usually somebody at the executive level who has the administrative responsibility for the application and for the data. Ultimately, this is the person who is usually signing off on the compliance, if any is required for that data. There are also system administrator roles that must be trained. The administrator is the person who’s enabling the use of this application or this data, but it may not necessarily be someone who uses the application. And the system owner role is usually someone who is separate from the system administrator. This is usually someone who’s closer to the business side of the application use. This is someone who can also make security policies and backup policies for the data. And if there are any changes or updates, they would be managed by the system owner.

There are also different user roles for the application. Someone who is a user is the person who has the least privileged access to the application and the data. This is the person who is the normal day-to-day user of this application. There might also be privileged users who have a higher level of rights and permissions. It might be someone who creates reports or who is an area manager and needs a broader scope of that application or that data. And then there is the executive user, someone who is responsible for the overall use of the application. This is the person who is evaluating the operation of the application and makes decisions about what the next steps might be for the use of that data.