Premium Essay

Security Awareness

Submitted By katdylan
Words 2691
Pages 11
Information Security - Security Awareness

Abstract
Security Awareness
Regulatory Requirements for Awareness and Training
References


Information security means protecting information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. A policy can be described as a set of principles intended to manage actions. An Information Security Policy (ISP) is a defined set of principles intended to protect information and information systems by controlling the actions allowed within an organization.

There is no single off-the-shelf approach to implementing an ISP. The ISP is tailored to the specific organization and defined by the environment of the IS, the classification of the information, governance and compliance laws, and the levels of acceptable risk to the organization.

An ISP has many areas to cover, but the most prominent subject matter is risk management. Risk management addresses the exposure of an organization's assets to environmental risks. Risk management is continuous and must be reevaluated whenever changes are introduced into the environment or when a breach of the policy has occurred, and the same holds for the ISP.

Policies must be usable, workable and realistic. To truly measure the effectiveness of an ISP, measurements or metrics must be defined to grade or rate that effectiveness. ISPs that are not applicable, reviewed or updated can end up simply as “shelfware”: they are designed, printed and stored on a bookshelf. An ISP that is not continually reviewed, measured and maintained is not effective in today’s fast-paced and competitive computer age.

Security Awareness

Information is the lifeblood of an organization, and represents a fundamental business asset in today’s...

Similar Documents

Security Awareness Training

...The best ways and cost effective method to institute the program is by means of classroom training sessions, posters, useful tips through emails and possible websites that provide security awareness. Utilizing these methods provides the staff a comprehensive awareness of the hospital procedures, security policies, and best practices. The training should be delivered when the employee is first hired and...

Words: 607 - Pages: 3

Security Awareness Training

...Security Awareness Training Jay Phillips GMGT/431 September 14, 2015 Shivie Bhagan Security Awareness Training With the ever increasing use of technology to be more productive and save on materials costs, more and more companies are converting their data electronically. Some data contains customer’s information while other data may contain confidential information about a company and how it operates. Just because data is sitting on a server somewhere in a locked data center or perhaps a company stores all their data in the cloud, it doesn’t necessarily mean that it is safe where it is at. This is why there is a demand for Security Awareness Training. According to Rouse (n.d.), security awareness training is a formal process for educating employees about computer security. Why would educating employees about computer security be so important? There are many different levels of end users and most do not know the first thing about protecting valuable data. Patton Fuller Hospital is an ideal candidate to implement security training with its employees. PFH has multiple sites, including Doctors who connect from home to review patient data. What kind of training should be implemented? General security training should cover topics such as the company’s policies and procedures, who to contact if an employee believes they have identified a security risk or threat, and rules for how to handle confidential information....

Words: 527 - Pages: 3

Security Awareness Proposal

...As the new protection officer, you are to create a comprehensive proposal to make the facility secure which includes the following elements:
* New adequate security staffing levels and shifts
* Effective plan to increase communications
* Plan to raise security awareness in the organization
* Automation operations plan
* A new patrol plan
* A comprehensive Physical Security Plan
* Access Control Plan
* Fire and other hazard plan
* Approach to prevent and mitigate workplace crime
* Emergency response plan
* Surveillance plan

This sounds like a great deal of information, but you should rely on the information in...

Words: 368 - Pages: 2

Employing Information Security Awareness to Minimize over-Exposure of Average Internet User on Social Networks

...International Journal of Scientific and Research Publications, Volume 4, Issue 1, January 2014, ISSN 2250-3153

Employing Information Security Awareness to Minimize Over-Exposure of Average Internet User on Social Networks

Worawit Binden*, Maheedeen Jormae**, Zakaria Zain***, Jamaludin Ibrahim****
*,**,***,**** Department of Information Systems, Kulliyyah of Information and Communication Technology, International Islamic University Malaysia

ABSTRACT - Use of Online Social Networking Sites (OSNs) has become ubiquitous nowadays. In the era of a million user social networking sites throughout the world, it becomes increasingly difficult for people to control what they are exposing to whom. In this paper we analyze the influence of social media interactivity features on the exposure of personal data of average Internet user and present techniques to implement information security awareness to minimize overexposure on OSNs.

Index Terms - Online Social Networking, Information Security Awareness, Social Network Interactivity Features

I. INTRODUCTION

Information is vital to communication and a critical resource for performing work in organizations. It is also important to individuals, and therefore the need to properly manage it is growing rapidly. Protecting data is as important as protecting cash as it is an asset – and requires just as much care and planning....

Words: 4473 - Pages: 18

Lab 5 Assessment Questions & Answers

...How does a security awareness & training policy impact an organization’s ability to mitigate risks, threats, and vulnerabilities? Security awareness training is a formal process for educating employees about computer security. A good security awareness program should educate employees about corporate policies and procedures for working with information technology (IT). Employees should receive information about who to contact if they discover a security threat and be taught that data is a valuable corporate asset.

2. Why do you need a security awareness & training policy if you have new hires attend or participate in the organization’s security awareness training program during new hire orientation? An employee security awareness program can alleviate the problem of employee security breaches by clarifying why security is important.

3. What is the relationship between an Acceptable Use Policy (AUP) and a Security Awareness & Training Policy? An acceptable use policy (AUP) is a document that outlines a set of rules to be followed by users or customers of a set of computing resources, which could be a computer network, website or large computer system. Security awareness training is a formal process for educating employees about corporate policies and procedures for working with information technology.

4. Why is it important to prevent users from engaging in downloading or installing applications and software found on the Internet?...

Words: 717 - Pages: 3

...Chapter 5 Developing Security Programs Chapter Overview Chapter 5 will explore the various organizational approaches to information security and provide an explanation of the functional components of the information security program. Readers will learn how to plan and staff an organization’s information security program based on its size and other factors as well as how to evaluate the internal and external factors that influence the activities and organization of an information security program. As the topic of organizing the information security function is expanded upon, the reader will learn how to identify and describe the typical job titles and functions performed in the information security program. The chapter concludes with an exploration of the components of a security education, training, and awareness program and describes how organizations create and manage these programs....

Words: 3969 - Pages: 16

IT Personal Security and Training Implementation Policy

...Before employment can commence Cenartech and the employee will define, via a signed contract, the security protocols to be followed by that employee. The contract will contain the security awareness and training protocols, which covers topics such as, but not limited to: purpose, scope, responsibilities of the employee, co-ordination with management, Cenartech security policies, training frequency and associated security awareness and training standards. All potential employees will be vetted...

Words: 717 - Pages: 3

Discussion Questions

...Furthermore, the approach of designing, developing, implementing, and reviewing the post-implementation evaluation is part of building an effective security awareness program. A security awareness program can be an organization’s most powerful protection strategy by accomplishing the following: •...

Words: 609 - Pages: 3

Top 10 Laws of Security

...Most decision makers deal with security as being a product that is more powerful and competent to use with other products. Therefore, technology is the real driver of such people, and they are following technology updates for anti-malware, IDSs, Firewalls, etc. Such an idea about security minimizes the efforts of correct security implementation, causing end users to neglect their responsibility on...

Words: 1692 - Pages: 7

Tft2 Task2

...Justification: Organizational security awareness is an essential part of the corporate security posture.  Information is one of the most valuable assets owned by...

Words: 1815 - Pages: 8

Week3 Chp2

...
* Attend virus awareness training.
* Learn how to detect and take basic steps during a virus attack.
* Perform back-ups of vulnerable data on a regular basis.
* Rotate most current backup media offsite.

Technology Services
* Provide education and training about virus attack awareness.
* Provide education about the dangers and attack profiles of the most prevalent kinds of malware attacks.
* Instruct users about proper method for data backups.
* Randomly test backups using restores to ensure the quality of the backup procedures, the training, and the quality of the media.
* Provide offsite backup media service.
* Ensure that a current Incident Response Plan is in place to deal with active attacks and post attack situations.

After an Attack

Users
* Work with Technology services to determine the extent of data loss.
* Work with Technology Services to determine the root causes.
* Work with Technology Services to provide input updates to the Lessons Learned
* Work with Technology Services to provide input updates to the Incident Response Plan
* Work with Technology Services to provide input updates to the Security Awareness Training
* After Technology Services performs the restore, verify that the data restored properly.

Technology Services
* Inspect equipment to ensure there was no permanent damage.
* Obtain current backup media from offsite....

Words: 1390 - Pages: 6

Statement of Work

...Statement of Work Computer Security Awareness and Training April 14, 2000 (NOTE: Commentary information is provided in Italics) 1. PURPOSE/OBJECTIVE: The purpose of this Statement of Work (SOW) is to elicit proposals to develop a computer security awareness and training course specific to executives and senior management of the XX Agency (XXA). This course may be conducted by organization staff or by contractor staff under a separate contract. The course encompasses lesson plans, training aids, and handout materials. The contractor shall develop a computer security awareness and training course tailored to XXA's needs. This contract requires the development of computer security awareness training materials tailored to the XXA's needs, which may be used by a contractor or by XXA, in subsequent training sessions. At a minimum, the contractor shall include one or more of the five basic subject areas into a computer security awareness and training plan for the executives and senior management within XXA. The five basic subject areas are: computer security basics; security planning and management; computer security policies and procedures; contingency plan/disaster recovery planning; and systems life cycle management. 2....

Words: 1866 - Pages: 8

Is4550 Lab 9

...
Risk-Threat-Vulnerability | IT Security Policy Definition
Unauthorized access from Public Internet | Acceptable Use Policy
User Destroys Data in application and deletes all files | Asset Identification and Classification Policy
Hacker penetrates your IT infrastructure and gains access to your internal network | Vulnerability Assessment and Management Policy
Intra-office employee romance gone bad | Security Awareness Training Policy
Fire destroys primary data center | Threat Assessment and Management policy
communication circuit outages | Asset Protection Policy
Workstation OS has a known software vulnerability | Vulnerability Assessment and Management Policy
Unauthorized access to organization owned Workstations | Asset Management Policy
Loss of production data | Security Awareness Training Policy
Denial of service attack on organization e-mail server | Vulnerability Assessment and Management Policy
Remote communications from home office | Asset Protection Policy
LAN server OS has a known software vulnerability | Vulnerability Assessment and Management Policy
User downloads an unknown e-mail attachment | Security Awareness Training Policy
Workstation browser has software vulnerability | Vulnerability Assessment and Management Policy
Service provider has a major network outage | Asset Protection Policy
Weak ingress/egress traffic filtering degrades performance | Vulnerability Assessment and Management Policy
User inserts CDs and USB hard drives with personal......

Words: 616 - Pages: 3

Cyber Terror

...(US-CERT, 2005) Over the past few years, we as a nation have seen a major increase in National Security threats in Cyberspace. President Obama identified Cybersecurity as one of the most serious economic and national security challenges that we are currently facing. Federal government leaders admit to falling behind with the growing threat of attacks from hacker criminals. The government accountability office has identified weakness in security controls in almost all agencies for years but yet to have total control over the threats. One of the underlying causes of the weakness is that agencies fail to implement information security programs which include assessing and managing risks, developing and implementing security policies and procedures, and promoting security awareness. (Nextgov, 2009) In January 2008, President Bush introduced the Comprehensive National Cybersecurity initiative (CNCI). The CNCI included a number of reinforcing methods that included 1.) Managing the Federal Enterprise Network as a single network enterprise with Trusted Internet Connections. This is headed by the Office of Management and Budget and the Department of Homeland Security, it covers the consolidation of the Federal Government’s external access points (including those to the Internet) 2.) Deploy an intrusion detection system of sensors across the Federal enterprise. Intrusion Detection Systems using passive sensors form a vital part of U.S....

Words: 538 - Pages: 3

Csec 610

...VULNERABILITIES FACING IT MANAGERS TODAY
“THE HUMAN FACTOR”
Alicia M. Frazier

Abstract

This paper will identify and give the proper knowledge about the single most important vulnerability that IT managers face today. It will provide significant evidence about reasons why it is the most vulnerable, its impacts on an organization, and how an organization can best address its potential impacts.

“As human beings, we are vulnerable to confusing the unprecedented with the improbable. In our everyday experience, if something has never happened before, we are generally safe in assuming it is not going to happen in the future, but the exceptions can kill you and climate change is one of those exceptions”. -Al Gore

What is Vulnerability?

When you think of the word vulnerability what comes to mind? Although, definitions of Vulnerability may vary, Vacca (2013) defines the term as “an asset or a group of assets that can be exploited by one or more threats”. In the cyberworld vulnerability can be described as a weakness in a computer hardware or software, which could possibly become exploited. Most would consider vulnerability, as a threat as the approach in which vulnerability can be exploited through a potential cause of an incident. Today, processes and technology alone can’t assure a secure......

Words: 2316 - Pages: 10