
SECURITY AWARENESS PROGRAM PITCH



Rashel Hafiz

QSO 300

Christopher Mowad
November 11, 2018

Introduction

Security is not a technical problem but a people problem, because it affects the organization and its stakeholders in equal measure. Keeping people in the security equation therefore requires the IT department to involve all internal stakeholders in security awareness. All employees should be involved, new hires and long-serving staff alike, across every department. This security awareness program outlines unintentional human error, malicious human behavior attributable to external parties, and organizational factors as sources of potential risk. The key goal of security awareness is to increase organizational understanding and practical implementation of security best practices.

Unintentional Human Error

Human errors are planned actions, decisions, or behaviors that reduce, or have the potential to reduce, quality, safety, and security. Human security issues include system misconfiguration, poor patch management, and the use of easy-to-guess passwords or default usernames and passwords that another party may easily guess (Metalidou, Marinagi, Trivellas, Eberhagen, Skourlas, & Giannakopoulos, 2014). Some of these security issues are unintentional because employees are not informed about the best security measures to adopt. Losing a device such as a laptop or mobile phone containing key organizational information, double-clicking on unsafe URLs, sharing a password with others, and using personally owned devices that connect to the organization's network are examples of unintentional human error.

To address the human factor issues, several measures are adopted. These include cryptography, password management, identity and access management, network system access, awareness campaigns, training and retraining, system monitoring and surveillance, and internal controls, among many others.

Malicious Human Error

Malicious human activities are activities intended to attack a computer system. They may originate from current employees, former employees, customers, or hackers. Malicious human behavior includes hacking, spreading malware, financial pretexting, phishing, and DoS/DDoS attacks (Whitman, 2003). To address this security threat, proactive techniques such as installing a next-generation firewall, sandboxing, and an intrusion monitoring tool help protect the system from exposure. Reactive approaches, such as installing antivirus software and system monitoring and surveillance, may help in addressing the issues.

Organizational Factors

The organizational factors that increase security risk include the customers served by the company, revenue, policies for fighting security risk, and other factors. A company's approach to security risk follows from the investment strategy it adopts, which takes size, revenue, and regulation into account (De Vries, 2017). Security procedures may include implementing policies aimed at increasing security awareness, training employees and executives, and investing in modern security measures, for example next-generation firewalls, or bank vaults for protecting important assets, documents, and disks. They also include destroying old laptops to ensure they do not retain user data, fastening laptops with a Kensington lock, and encrypting hard drives.

Conclusion

A firm should value both reactive and proactive approaches to security risk prevention to ensure the company's systems are fully secured. It is necessary to train new employees, and to retrain existing employees and executives, so that they are aware of emerging security threats and of what they should do to keep the company's network fully secured. The essence of securing the network is to protect the organization from incurring losses, suffering loss of reputation due to a security breach, or facing litigation from its clients once their information is leaked or compromised through unintentional human error or malicious human error.

References

Metalidou, E., Marinagi, C., Trivellas, P., Eberhagen, N., Skourlas, C., & Giannakopoulos, G. (2014). The human factor of information security: Unintentional damage perspective. Procedia - Social and Behavioral Sciences, 147, 424-428.

de Vries, J. (2017). What drives cybersecurity investment?: Organizational factors and perspectives from decision-makers.

Whitman, M. E. (2003). Enemy at the gate: threats to information security. Communications of the ACM, 46(8), 91-95.