Security Awareness Training

Submitted By tizz2000
Words 607
Pages 3
Security Awareness Training Paper
Patton-Fuller Community Hospital (PFCH) maintains strict confidentiality of its information via four different information systems. Accurate, reliable, and prompt information must be provided to those who need to make decisions based on several predetermined conditions. In a hospital environment like PFCH, information is predominantly passed via computer systems. Management does not have the luxury of minimizing the importance of systems security at any level of its staff. The writer intends to provide a security awareness training plan for PFCH in the following paragraphs (Apollo Group Inc., 2013).

Which employees should be trained, why, how, and when?
All employees must be trained to protect the confidential information kept in the hospital. That means senior management, employees (regular or temporary), contractors, doctors, nurses, and anyone who has or could gain access to confidential information, such as partners and volunteers. Information such as Personally Identifiable Information (PII), patient records, hospital financial information, and staff payroll and personal records, to mention a few, must be protected against physical or electronic attacks. Making all personnel aware of potential threats, vulnerabilities, the reporting of security breaches, and the PFCH security policies deters possible data hackers or makes it difficult for them to acquire confidential hospital information (Gregory, 2010).
The best cost-effective way to institute the program is by means of classroom training sessions, posters, useful tips sent by email, and possibly websites that provide security awareness. Utilizing these methods gives the staff a comprehensive awareness of the hospital procedures, security policies, and best practices. The training should be delivered when the employee is first hired and
