IT 241 Assign-7To complete this assignment, review the Final Project Document.Below I attached related files with this assign.
SECURITY AWARENESS PROGRAM PITCH
Security Awareness Program Pitch
Rashel Hafiz
IT 241
Alicia L. Peltier
24TH November 2018
Introduction
Security is not a technical problem but it’s a people problem because it affects the organization and its stakeholders at equal measures. Therefore keeping people in the side security equation require the IT departments to involve all internal stakeholders to security awareness. All employees should be involve both new hires, old and across every department. This security awareness program outlines unintentional human error, malicious human behavior attributable to external parties and organizational factors for potential risk. The key goal of security awareness is to increases organizational understanding and practical implementation of security best practices.
Unintentional Human Error
The human Errors are planned actions, decision or behavior that reduce or have the potential to reduce quality, safety, and security. The human security issues include system misconfiguration, poor patch management, and use of easy to guess password or default username and password that may allow the party to easily guess the password (Metalidou, Marinagi, Trivellas, Eberhagen, Skourlas, & Giannakopoulos, 2014). Some of this security issues are unintentional because employees are not informed on best security measures to adopt. Lose of a device like a laptop and mobiles phones containing key organization information, double-clicking on unsafe URLs, sharing a password with other and using personally owned devices that connect to the organization network are examples of unintentional human errors.
To address the human factor issues several measures are adopted. The measures include cryptography, password management, identify and access management, network system access, awareness campaign, training and retraining and lastly system monitoring and surveillance and internal control and many others
Malicious Human Error
The malicious human activities refer to activities that are intended to attack a computer system. The malicious activities may arise from current employees, former employees, customer or hackers. The malicious behavior may include issues like hacking, malware spreading, financial pretexting and phishing and DOS/DDOS attack are some of the malicious human behavior (Whitman, 2003). In order to solve this security threat implementing proactive techniques, for example, installing a next-generation firewall, sandbox techniques, and intrusion monitoring tool will help in protecting the system from exposure. The reactive approach, for example, installing antivirus software, and system monitoring and surveillance may help in addressing the issues.
Organizational factors
The organizational factors that increase security risk include customer served by the company, revenue, policies of fighting security risk and other factors. The company adopts a security risk based on the investments strategies adopted by considering size, revenue, and regulation (De Vries, 2017). The security procedure may include implementing policies that target increases security awareness, training employees and executive and investing in modern security measures for example next generation firewall or bank vaults for protecting important assets and documents, and disk. Destroying old laptop to ensure it does not contain user data and fasten laptop with a Kensington and encrypting hard drives.
Conclusion
A firm should value each reactive and proactive approach of security risk prevention to ensure the company systems are fully secured. Training new employees as well as retraining old employees and executive to ensure they are aware of the emerging security threats and what they should do to ensure the company network system is fully secured is necessary. The essence of securing network system is to protect an organization from incurring losses, loss of reputation due to security breach or face litigation from its client once their information is leaked or compromised through unintentional human error or malicious human error.
References
Metalidou, E., Marinagi, C., Trivellas, P., Eberhagen, N., Skourlas, C., & Giannakopoulos, G. (2014). The human factor of information security: Unintentional damage perspective. Procedia-Social and Behavioral Sciences, 147, 424-428.
de Vries, J. (2017). What drives cybersecurity investment?: Organizational factors and perspectives from decision-makers.
Whitman, M. E. (2003). Enemy at the gate: threats to information security. Communications of the ACM, 46(8), 91-95.