PM-16-727 Threat Awareness Program

Threat Awareness Program

Threat Awareness Program
Program Management
Information Security Risk Management
February 15, 2018

The chief information security officer is the focal point for distributing threat awareness information to the Agency. Any threat awareness information that may impact the Agency should be disseminated as operational security permits. The chief information security officer will determine the appropriate dissemination method, content, and timing of such information.

Failure to conduct suitable and relevant threat awareness program and to publish notifications to enhance awareness of organizational policies and procedures may result in potential security breach of the operational environment.
The organization implements a threat awareness program that includes a cross-organization information-sharing capability.
A threat awareness program, such as email notification to alert of existing threats is in place.
State implementation of this standard is incorporated into TAC 202.
Obtain documentation of the threat awareness program and ascertain if the organization has established practices to communicate threat events (i.e., tactics, techniques, and procedures) that organizations have experienced, mitigations that organizations have found are effective against certain types of threats, threat intelligence (i.e., indications and warnings about threats that are likely to occur)