Security Awareness - You are the new CISO for an organization that has had several breaches, most of which occurred due to vulnerabilities in employee awareness. Create an original security awareness

Security is not only a problem of the technical aspects of information systems; it is also a problem of people. It is therefore just as important to keep the people side strong as it is to keep the technical side strong through the implementation of physical and logical access controls. Hence, the entire workforce of the organization needs to have a sense of security, which can be instilled by conducting security awareness programs. The entire workforce here includes all new as well as existing hires, across all departments, trained on a regular basis. Security awareness programs help ensure that the people in the organization have an appropriate level of know-how about security, as well as an awareness and sense of their individual responsibilities towards maintaining it. Security in the organization cannot be achieved through the effort of a single department or team such as the security team; it is the responsibility of every individual in the organization.

The components on which employees should be trained are explained below. Employees are expected to follow these rules and guidelines to protect the company's technology and data, and failure to comply may result in strict action. This policy is available on the internal employee portal and from the tech support team, and employees should contact the support team if they have any questions. Employees must use complex passwords, because if a device is stolen or lost, the thief would otherwise have control over all of its data and could penetrate the company network. They should also use two-factor authentication. Passwords must be at least 8 characters long, use a variety of uppercase and lowercase letters, numbers, and special characters, and must never be shared. Employees should be asked to protect data with encryption, or at least the most sensitive data. They should also install anti-virus software and enable its automatic updating. The firewall should be enabled, links in emails should be clicked only with great care, surfing suspicious websites should be avoided, and transferring data with USB flash drives should be avoided. Employees should be made aware not to open email attachments when the source is unknown to them, and there should be an environment where, if in doubt, they can ask before engaging with a suspicious email. As wireless connections are not safe, they should avoid Bluetooth whenever possible and should use a VPN when working remotely. Employees should never give anyone else access to their device; if access must be provided for some time, they should create a separate account on the operating system for that person (Tripwire Guest Authors, 2015).

Employees must use company-provided hardware and internet connections for work purposes, and must not download any software without permission from the tech support team; alternatively, there should be controls that disable users' ability to download software from the web. Employees must use the company-provided email for communication, not personal email. They should also lock their computer when stepping away and report any irregularities with their computer to the tech team. If an employee encounters or becomes aware of a security breach, they should inform the dedicated fraud team, senior employees, or the information security officer (Administrator, 2019).

Security awareness programs should have four components: communication, checklists, content, and controls. In terms of communication, the organization should ensure that security is part of day-to-day regular or casual conversation at the organization. Senior leadership should adequately and frequently communicate the importance of security to employees through various means such as the company newsletter, seminars, company-wide emails, and so on. Secondly, there should be a checklist that can be used to ensure that security awareness practices are being spread actively throughout the entire organization. These checklists not only make sure that security practices are being met but also help the company stay organized and up to date. The checklist could include various aspects of security such as the actions that need to be taken when a new employee joins the firm and when an employee terminates their employment, the process and frequency with which employees are reminded of the security protocols, and the measures to be taken when an unexpected event or incident occurs (Allin, 2020).

There should be a cache of relevant security content that employees can refer to when needed. This can include a security handbook, role-based guidelines, training programs for new hires and existing employees, and a hotline or chat where employees can report security issues and obtain feedback. Lastly, controls are important no matter how strong one's security awareness program is. Controls need to be in place to ensure that employees require authorization and only have access on a need-to-know basis, following the concept of least privilege (Allin, 2020).


References

Tripwire Guest Authors. (2015, April 26). 8 Security Practices to Use in Your Employee Training and Awareness Program. Retrieved from https://www.tripwire.com/state-of-security/security-awareness/8-security-practices-to-use-in-your-employee-training-and-awareness-program/

Administrator, N. H. P. (2019, November 26). How to Get Employees on Board With Cybersecurity Awareness Training. Retrieved from https://www.newhorizons.com/article/how-to-get-employees-on-board-with-cyber-awareness-training

Allin, B. (2020, February 24). How to Implement a Security Awareness Program at Your Organization. Retrieved from https://www.threatstack.com/blog/how-to-implement-a-security-awareness-program-at-your-organization