What is the role of the SCO with respect to the evaluation of IT training and awareness for compliance?

What will be an ideal response?

The SCO is the person responsible for ensuring that information security personnel are receiving the appropriate level and type of training. This is accomplished through an evaluation of the effectiveness of the IT security awareness and training program. That evaluation essentially assesses the current performance of the security process. Where there are security breakdowns, each individual incident has to be studied in order to generate lessons learned. If it is found that the situation could be mitigated by new or better training, the knowledge gained from those lessons is factored back into improved training methods. The primary items assessed for training and awareness are the actual teaching materials. The aim of the evaluation is to ensure that the materials that support the awareness and training program encompass all current IT security issues and legal requirements and meets stakeholder needs.