doc attached.

1. Review the security awareness training policies at the following websites:
   

   • Health care: State of North Carolina Department of Health and Human Services (https://policies.ncdhhs.gov/departmental/policies-manuals/section-viii-privacy-and-security/manuals/security-manual/@@display-file/policy_file/DHHS%20Security%20Manual.pdf)

   • Higher education: University of San Francisco (http://www.usfca.edu/its/security/seta/)

1. For each sample security awareness training policy that you reviewed in the step above, discuss the policy’s main components. You should focus on the need for a security awareness program and its key elements.

1. Review the following scenario for the fictional Bankwise Credit Union:

The organization is a local credit union that has several branches and locations throughout the region.

Online banking and use of the internet are the bank’s strengths, given its limited human resources.

The customer service department is the organization’s most critical business function.

The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and IT security best practices regarding its employees.

The organization wants to monitor and control use of the Internet by implementing content filtering.

The organization wants to eliminate personal use of organization-owned IT assets and systems.

The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls.

The organization wants to implement security awareness training policy mandates for all new hires and existing employees. Policy definitions are to include GLBA and customer privacy data requirements, in addition to a mandate for annual security awareness training for all employees.

Create a security management policy with defined separation of duties for the Bankwise Credit Union.

Bankwise Credit Union

Security Awareness Training Policy

Policy Statement

Define your policy verbiage.

Purpose/Objectives

Define the policy’s purpose as well as its objectives.

Scope

Define whom this policy covers and its scope. What elements, IT assets, or organization-owned assets are within this policy’s scope?

Standards

Does the policy statement point to any hardware, software, or configuration standards? If so, list them here and explain the relationship of this policy to these standards.

Procedures

Explain how you intend to implement this policy for the entire organization.

Guidelines

Explain any roadblocks or implementation issues that you must overcome in this section and how you will surmount them per defined guidelines. Any disputes or gaps in the definition and separation of duties responsibility may need to be addressed in this section.

1. There are many vendors that provide security awareness training software to organizations that do not have the time nor the resources to create their own. When selecting a software vendor, many organizations will issue a Request for Information (RFI) to potential vendors, outlining the details of what the organization would like to learn about the vendor’s solution. You can read more about RFIs here: https://www.smartsheet.com/free-request-for-information-templates.

As a security manager at eChef, an online marketplace for high-end kitchenware, you have been tasked with selecting a security awareness training software provider.

Use the internet to research real security awareness training software providers.

Identify three security awareness training software providers.

Identify 10 questions that you would include in your RFI.