Added on 2022/10/16
Running head: AWARENESS ON SECURITY OPERATION
Awareness on Security Operation
Name of the Student
Name of the university
Author’s Note:
Executive Summary
A security awareness program is a formal program run by an organization to train its employees and users about the ongoing cyber threats to the organization's information. Mahindra Bank, a leading bank in Australia, is facing hazardous issues such as phishing mail, ransomware infection and data breaches of PII. The goal of this security awareness program is to reduce the organization's attack surface by changing employee behaviour so that sensitive information is protected. This report provides recommendations for reducing the impact of phishing attacks. The most basic recommendation is not to entertain any type of unsolicited email. Another effective measure is changing passwords periodically. Five popular delivery methods for security awareness are described in the report: conventional, instructor-led, online, video-based and simulation-based. Each of these methods is effective for delivering cyber security updates to employees. The report also presents a security awareness strategy and plan for Mahindra Bank so that it can secure its PII.
Table of Contents
1. Introduction............................................................................................................................3
2. Security Awareness Needs Assessment.................................................................................3
3. Security Awareness Strategy and Plan...................................................................................4
3.1 Employee Education........................................................................................................5
3.2 Software or Technological Enhancement........................................................................5
3.3 Process Engineering.........................................................................................................6
4. Methods for Delivery of Security Awareness........................................................................7
4.1 Conventional delivery methods........................................................................................7
4.2 Instructor-led delivery methods.......................................................................................7
4.3 Online delivery methods..................................................................................................8
4.4 Video-based delivery methods.........................................................................................8
4.5 Simulation-based delivery methods.................................................................................9
5. Threats and Discussion........................................................................................................10
5.1 The lure..........................................................................................................................10
5.2 The hook.........................................................................................................................10
5.3 The catch........................................................................................................................11
6. Security Awareness Measures and Metrics..........................................................................11
7. Conclusion............................................................................................................................14
References................................................................................................................................15
1. Introduction
A security awareness program is designed dynamically so that it can evolve with the future needs of the organization and its employees. Due to the rapid growth of information technology, financial organizations like Mahindra Bank face many internal cyber attacks (Safa, Von Solms and Furnell 2016). A phishing email, a ransomware infection or a data breach of PII are cyber attacks that result in the loss of sensitive information and disrupt the organization. Employees and workers are often completely unaware of this kind of threat. To make the employees of Mahindra Bank aware and to ensure that cyber threats are eradicated in time, a training awareness program is required (Zhao, An and Kiekintveld 2016). This report covers a needs assessment, a strategy and plan, methods for delivery, and measures or metrics. It outlines the innovations the IT department can implement to make the employees of Mahindra Bank aware of cyber threats. The metrics and measures of security awareness, and the methods for delivering the security awareness program, are also discussed.
2. Security Awareness Needs Assessment
Mahindra Bank faces a prominent risk due to changes in the technological systems on which its operating framework depends. Since the introduction of mobile banking, ATMs and online banking services, such threats have been emerging to a high extent. Exchanging money through platinum cards, smart cards and credit cards has further raised this IT risk. Control over the network system is weakening because of the risks generated by the technology itself. The bank is continuously under pressure to clear the customer complaints that arise from technological issues (Cavusoglu et al. 2015).
Phishing emails are fraudulent attempts to obtain sensitive information such as a customer's username and password. Phishing is usually done by embedding a link in the email, through which the customer is asked to fill in a form on the fake company's website (Tsohou, Karyda and Kokolakis 2015). Ransomware infection is another extremely common and rapidly growing threat to any type of data file in a financial organization like Mahindra Bank. The infection is malware that locks the computer and prevents access to the data until the victim pays a ransom. Any method of paying the ransom is quite risky. PII can be exposed or sold on the dark web and used for identity theft. This is one of the major reasons for implementing awareness of cyber threats. Security awareness should be integrated into the business culture with weekly, monthly and quarterly refreshers, and customers should always be kept updated about recent problems, which keeps up the company's reputation (Dahbur, Bashabsheh and Bashabsheh 2017).
3. Security Awareness Strategy and Plan
Maintaining a proper security awareness program requires a strategy and a plan. There should be a security culture team that makes employees aware and communicates with customers about cyber threats like phishing attacks, ransomware infection of data and breaches of PII. The security culture team will help prevent the loss of banking service capability that degrades the company's reputation (Arachchilage and Love 2014). The problem of phishing emails can be tackled by a trial and error approach that includes employee education, technological enhancement and process engineering. Informing employees about phishing attackers and the kinds of phishing attacks happening in financial institutions is part of the effort to provide end-user education on how security works.
There should be an anti-phishing workgroup in every financial organization to detect attackers. An effective effort should be made to resolve phishing threats by preventing and detecting phishing emails, URLs and websites. Employees should be trained properly to stop phishing attacks (Peltier 2016). Automatic anti-phishing tools should be implemented to alert users. Security experts at Mahindra Bank are continuously trying to improve spam and phishing detection tools.
3.1 Employee Education
Employee capability and analytical skills for successfully recognizing cyber attacks would be extremely effective. The management of Mahindra Bank should start cyber awareness during employee onboarding (Bada, Sasse and Nurse 2019). A formal plan should also be created to ensure that employees are kept well informed about cyber threats. Moreover, employees should be able to conduct evaluations regarding cyber security. An employee reward system should also be introduced, after checking whether every employee is following the cyber security plan.
3.2 Software or Technological Enhancement
There are different types of anti-spam software with a high success rate in detecting and reducing cyber attacks. The sources should be blocked with the help of firewalls. Moreover, filters are extremely effective against spam emails. A financial organization like Mahindra Bank needs much more developed software to prevent those attacks (Konradt, Schilling and Werners 2016). Software enhancement would require upgrading the hardware and software capabilities. Such enhancement is needed to ensure performance, scalability and conformance to client specifications.
3.3 Process Engineering
The experience gained from cyber attacks can help employees execute business processes and eliminate the procedural loopholes that were exploited. Business procedures should be engineered so that such issues are reduced without adding complexity (Wolf and Floyd 2017). Process engineering can be referred to as the proper understanding and application of principles for transforming confidential information.
Keeping track of known threats, risks and previous attackers helps to anticipate what an attacker is going to do in the future. A proper IT infrastructure can be implemented that strengthens the network system on which the selected organization, Mahindra Bank, performs its daily job functions (Slayton 2015). After that, one of the important things the financial industry has to keep in mind is how to increase the overall security awareness level of the program. Employees must adopt a proactive security mindset. Polygraph tests or background checks of suspected employees should help to detect fraud.
Figure 1: Security Strategy and Plan
(Source: Created by the Author)
4. Methods for Delivery of Security Awareness
After making a strategy and plan, the financial organization's main concern is how to deliver them in the security awareness program (Soomro, Shah and Ahmed 2016). The success of the program depends upon how it is delivered to the employees. Some delivery methods are reviewed in this report.
4.1 Conventional delivery methods
The most common methods of delivering security awareness information mainly use paper resources, and electronic resources are not effective for this purpose. A popular example of a conventional delivery method is the poster. Posters can be effective for conveying information (Karadag 2015). Several time-sensitive issues require highlighting and reminding people of specific actions that need to be undertaken. However, one major disadvantage of posters is that once a poster has been developed, it cannot be adapted.
4.2 Instructor-led delivery methods
This is a top-down approach that aims to have a major impact at the individual level with the help of an expert. One advantage of this delivery method is that the students' questions can be answered in a timely manner. In this type of delivery, knowledge is shared between information security professionals and employees. However, this approach assumes that the customers are already highly knowledgeable about the subject. Although customers are attracted to a static delivery method, they may also find it boring (Eggenschwiler, Agrafiotis and Nurse 2016). The success of the delivery method
depends upon the ability of the customer to take in the details effectively and efficiently. This type of group-based sharing of experience and knowledge among employees is extremely important for the organization.
4.3 Online delivery methods
There are several forms of online delivery system available in the market. Online delivery includes e-mail broadcasting, information uploads, online synchronization, blogging, animation and multimedia. This kind of delivery method provides multimedia teaching across different geographic areas. Web-based security awareness training (WBT) is one type of online delivery method (Safa et al. 2015). For example, WBT-based delivery may present the content with graphics and animations. The drawback of WBT-based delivery is that it is very expensive. There are various kinds of blogs that teach people to identify websites accurately. Several organizations have developed blogs for educating people to identify phishing websites appropriately.
4.4 Video-based delivery methods
Educational videos play an important role as part of the security awareness program. A classroom trainer is not needed to spread security awareness. Online video is considered the only medium that provides both audio- and video-based learning for customers (Sadeh-Koniecpol et al. 2017). This influencing feature makes online video more effective and efficient, and it is not time-dependent: it is up to the users how they manage their time, and they can study independently. Those are the benefits of this delivery system. Customers can learn from web-based videos available on the internet and can watch them as many times as they want. The videos may be expensive to buy or watch, but they can be watched countless times.
4.5 Simulation-based delivery methods
In the simulation-based delivery method, customers are sent simulated phishing emails to test their susceptibility to phishing attacks, and the exercise ends with training. At the end, customers are given materials that inform them about upcoming phishing attacks (Brooks and Rieger 2016). A similar approach, called embedded training, teaches customers about phishing attacks. Users who receive follow-up notifications and simulated phishing emails avoid subsequent phishing attacks better than those who are only given a pamphlet containing information on combating phishing. A study comparing simulation-based and pamphlet-based delivery models found that users receiving follow-up notifications were better able to avoid various kinds of phishing attacks.
There is also another way of delivering awareness among employees, named the game-based delivery system. Awareness can be created through compact graphics and advertisements within the game (Gupta, Arachchilage and Psannis 2018).
Figure 2: Different Methods of Delivery
(Source: Created by the Author)
5. Threats and Discussion
Phishing can be defined as a fraudulent attempt to steal confidential information from users,
such as credit card and debit card details. The modern world regards email as the best mode of
communication for any type of data sharing, and at the same time an illegal market is growing
around phishing email. Various kinds of automated software tools are used to reach end users
with phishing messages (Zhao, An and Kiekintveld 2016). These phishing tools make it easy for
an attacker to fix the duration and frequency of an attack. A phishing email hides the source
of the mail or disguises its real content as that of an important mail. The email spoofer Bulk
Mailer is one such phishing mail tool.
Phishing relies mainly on deception: attackers pose as another person and exploit the
human-level relationship with their target, and they even try to make the target disclose
information (Konradt, Schilling and Werners 2016). When classifying the target vector,
employees should look at the problem from both the social and the technological aspect. A
phishing attack comprises three major stages: luring, hooking and catching.
5.1 The lure
The lure is an email message that appears to come from a lawful financial organization such as
Mahindra Bank and contains a link designed to catch the customer's attention. The URL often
hides the hook, so the user has no idea of the danger (Filkins 2017).
5.2 The hook
The hook is a website that copies the site of a legitimate organization, on which the victim
is willing to disclose confidential data (Tirumala, Sathu and Naidu 2015).
5.3 The catch
The third stage is the catch, in which the phisher makes use of all the collected data.
Phishing covers a diverse range of techniques, including spear phishing, clone phishing and
malware-based phishing.
In spear phishing, a specific individual or group is targeted rather than a random user or
group. In this kind of phishing, the attacker researches the potential victim and the settings
of the victim's computer (Saleem and Hammoudeh 2018). In clone phishing, on the other hand, a
previously delivered legitimate email is used to clone a malicious email. This kind of phishing
attack involves key loggers and screen grabbers. Malware-based phishing is the type of phishing
attack in which malware is introduced within the mail to steal confidential information.
The compromised computer is then used for further phishing attacks. Mahindra Bank, being a
popular bank, should understand each and every aspect of phishing attacks. Phishing is the
fraudulent use of electronic communications to deceive and take advantage of users. Such
attacks attempt to gain confidential data such as network credentials, usernames, passwords or
even credit card and debit card details (Pendleton et al. 2017). The financial data of the
bank's customers could be stolen by cyber attackers who manipulate victims into clicking a
malicious attachment or link. Attackers access the organizational network for the core purpose
of committing such fraud. Phishing
scams might also use website forgery through the use of JavaScript commands. Hence, it is
vital for the employees of Mahindra Bank to know about all possible effects of phishing.
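The three lure characteristics described in this section (a link whose visible text hides the real hook, a spoofed mail source, and a malware attachment) can each be checked mechanically before a message reaches an employee. The following is an added example written for this report, not code from the report or from any tool it names. It uses only the Python standard library; the two sample messages, the placeholder domains mahindrabank.example, attacker-host.example and mailer-farm.example, and the list of risky attachment extensions are all constructed for the demonstration.

```python
"""Defender-side indicators for the lure stage of a phishing email.

Added example, not code from the report. It flags a link whose visible text
names one domain while its href points at another (the URL that hides the
hook), a From: domain that differs from the Return-Path (a spoofed source),
and an executable attachment (malware-based phishing). Every message and
domain below is constructed for the demo.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attachment extensions treated as executable content (assumption for the demo).
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".hta", ".bat")
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude two-label domain: 'login.bank.example' -> 'bank.example'."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def address_domain(header_value):
    """Domain of the mailbox in a From:/Return-Path: header value."""
    return registrable_domain(str(header_value).split("@")[-1].strip("<> "))


def domain_shown_in_text(text):
    """Domain the link text appears to name, or None if it names none."""
    match = HOST_RE.search(text)
    return registrable_domain(match.group(0)) if match else None


def lure_indicators(raw_message):
    """Return a list of human-readable findings for one RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    from_domain = address_domain(msg.get("From", ""))
    return_path = msg.get("Return-Path")
    if return_path and address_domain(return_path) != from_domain:
        findings.append(f"sender spoofing: From is {from_domain} but "
                        f"Return-Path is {address_domain(return_path)}")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"executable attachment: {name}")
        if part.get_content_type() == "text/html":
            collector = _AnchorCollector()
            collector.feed(part.get_content())
            for href, text in collector.anchors:
                shown = domain_shown_in_text(text)
                host = urlparse(href).hostname
                actual = registrable_domain(host) if host else None
                if shown and actual and shown != actual:
                    findings.append(f"hidden hook: link text shows {shown} "
                                    f"but points to {actual}")
    return findings


def build_message(from_addr, return_path, html_body, attachment_name=None):
    """Constructed sample message (demo helper, not a real mail)."""
    msg = EmailMessage()
    msg["From"] = from_addr
    msg["To"] = "customer@example.net"
    msg["Return-Path"] = return_path
    msg["Subject"] = "Your account"
    msg.set_content(html_body, subtype="html")
    if attachment_name:
        msg.add_attachment(b"MZ\x90\x00", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg.as_string()


SAMPLE_LURE = build_message(
    "Mahindra Bank <alerts@mahindrabank.example>", "<bounce@mailer-farm.example>",
    '<p>Your account is locked. Visit '
    '<a href="http://secure-login.attacker-host.example/verify">'
    'https://www.mahindrabank.example/verify</a> to unlock it.</p>',
    attachment_name="account_statement.exe")

SAMPLE_LEGITIMATE = build_message(
    "Mahindra Bank <alerts@mahindrabank.example>", "<alerts@mahindrabank.example>",
    '<p>Your statement is ready. <a href="https://www.mahindrabank.example/'
    'statements">Log in to view it</a>.</p>')

if __name__ == "__main__":
    for finding in lure_indicators(SAMPLE_LURE):
        print("LURE:", finding)
    print("legitimate message:", lure_indicators(SAMPLE_LEGITIMATE))
```

Each finding is an indicator, not proof: a legitimate bulk mailer can also produce a Return-Path on a different domain, so in a gateway these checks would raise a score or route the message for review rather than block it outright.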
6. Security Awareness Measures and Metrics
To measure the overall effectiveness of the organizational policy in Mahindra Bank, it is
necessary to compute the percentage of passwords changed within a pre-defined time. There are
four types of measures and metrics for security awareness: misleading metrics, component
metrics, behavioral metrics and tangible metrics (Pendleton et al. 2017). The efficiency and
effectiveness of the IT security policy should be reviewed for a successful evaluation of the
security awareness program.
Managers of Mahindra Bank should be familiar with the success criteria when measuring
security awareness. Financial performance measures alone do not capture all the information
(Egelman and Peer 2015). The first metric type is misleading metrics. It is vital to understand
the major differences between training and awareness: training gives employees a detailed
description of the measures and metrics they need to undertake. The most common metrics
related to security awareness are not at all helpful for justifying security awareness
efforts. Component metrics are the second type, and they help Mahindra Bank optimize budgets.
The major impacts are checked after consideration of the component and its analytics. If the
analytics on employees' and customers' emails are low, it is evident that they are vulnerable
to risks and threats.
The third type is behavioral metrics, which help to understand the changing behaviors of
employees. Periodic feedback sessions should be arranged for the employees to understand
whether the awareness program is delivering the results the bank expects (Dahbur, Bashabsheh
and Bashabsheh 2017). The management of Mahindra Bank
should check whether passwords are being changed periodically. This would ensure that devices
and assets are safe and secure and that phishing attacks are eradicated effectively. A
balanced scorecard is the next distinct method for security awareness in this bank. The bank
should also make its security awareness measures tangible. This would make sure that Mahindra
Bank is able to save high expenses of around $50000 per month. A proper security awareness
program would hence ensure that financial losses are greatly reduced without much complexity.
The major objectives of a security awareness program for Mahindra Bank, and the plans for
achieving them, are as follows:
i) Management of Security Cost: The bank's professionals should be able to relate the
security total cost of ownership to the number of employees (Brooks and Rieger 2016). They
should even consider the security incident resolution costs.
ii) Improving the Efficiency of Information Leakage Control: Mahindra Bank should also
improve its efficiency in information leakage control. This is extremely important for the
bank as it deals with financial data. It would ensure that phishing attacks are eradicated by
checking every email.
iii) Improvement in the Access Right Management Process: The security awareness program
should ensure that the access right management process is improved by the bank and that every
employee is aware of such issues.
iv) Reduction in the Delay of Processing End User Security Rights: Access for customers
should be restricted, and the delay in processing end user security rights should be reduced
(Anwar et al. 2017). Hence, error rates would be reduced and the entire process would be much
smoother.
v) Implementation of an Anti-Phishing Tool: Mahindra Bank should implement an anti-phishing
tool to ensure that emails and other confidential information are secured. Intrusion tests
could be effective for resolving these issues, and compliance would be maintained.
In addition, security countermeasures should be implemented to overcome the weaknesses
identified by audit findings, maturity assessment or risk analysis (Cavusoglu et al. 2015).
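Section 4.5 describes simulated phishing rounds with follow-up notification, and section 6 together with objective i) above call for three measurements: a behavioral metric of how employee click behavior changes between rounds, the percentage of passwords changed within a pre-defined time, and security total cost of ownership per employee including incident resolution cost. The following is an added example written for this report, not code from the report, showing how such a report could be computed. The simulation results, password ages, reporting date and cost figures are all constructed; only the 5000-employee headcount is taken from the report.

```python
"""Metrics for a simulation-based security awareness programme.

Added example, not code from the report. It computes the behavioural metric
of click rate across simulated phishing rounds (and how users who received a
follow-up notification fared against those who only got a pamphlet), the
percentage of passwords changed within a pre-defined time, and the security
cost of ownership per employee including incident resolution cost. All records
are constructed; only the 5000 employee count comes from the report.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class SimulationResult:
    user: str
    round_no: int
    clicked: bool          # user clicked the simulated lure
    followed_up: bool      # user was sent a follow-up notification afterwards


def click_rate_by_round(results):
    """Behavioural metric: fraction of recipients who clicked, per round."""
    sent, clicked = defaultdict(int), defaultdict(int)
    for r in results:
        sent[r.round_no] += 1
        clicked[r.round_no] += int(r.clicked)
    return {n: round(clicked[n] / sent[n], 3) for n in sorted(sent)}


def repeat_click_rate(results, first_round, second_round):
    """Of users who clicked in first_round, the fraction who clicked again in
    second_round, split by whether they received a follow-up notification."""
    by_user = defaultdict(dict)
    for r in results:
        by_user[r.user][r.round_no] = r
    counts = {"followed_up": [0, 0], "pamphlet_only": [0, 0]}  # [eligible, repeat]
    for rounds in by_user.values():
        first, second = rounds.get(first_round), rounds.get(second_round)
        if first is None or second is None or not first.clicked:
            continue
        key = "followed_up" if first.followed_up else "pamphlet_only"
        counts[key][0] += 1
        counts[key][1] += int(second.clicked)
    return {k: (round(c / n, 3) if n else None) for k, (n, c) in counts.items()}


def password_rotation_compliance(last_changed, as_of, max_age_days):
    """Percentage of accounts whose password age is within the policy window."""
    within = sum(1 for d in last_changed.values() if (as_of - d).days <= max_age_days)
    return round(100.0 * within / len(last_changed), 1)


def security_cost_per_employee(tooling, training, incident_costs, employees):
    """Cost metric: security total cost of ownership divided by headcount."""
    return round((tooling + training + sum(incident_costs)) / employees, 2)


def _r(user, round_no, clicked, followed_up=False):
    return SimulationResult(user, round_no, clicked, followed_up)


# Constructed results: eight users over two rounds. Users A and B were sent a
# follow-up notification after clicking in round 1; C and D only a pamphlet.
SAMPLE_RESULTS = [
    _r("A", 1, True, True), _r("B", 1, True, True), _r("C", 1, True), _r("D", 1, True),
    _r("E", 1, False), _r("F", 1, False), _r("G", 1, False), _r("H", 1, False),
    _r("A", 2, False), _r("B", 2, False), _r("C", 2, True), _r("D", 2, True),
    _r("E", 2, True), _r("F", 2, False), _r("G", 2, False), _r("H", 2, False),
]

AS_OF = date(2019, 10, 1)  # constructed reporting date
# Constructed password ages (days) for ten accounts; policy window is 90 days.
SAMPLE_PASSWORD_LAST_CHANGED = {
    f"user{i:02d}": AS_OF - timedelta(days=age)
    for i, age in enumerate([10, 25, 40, 60, 75, 88, 90, 120, 200, 365], start=1)
}


def awareness_report():
    """All metrics for the constructed data set, as one dictionary."""
    return {
        "click_rate_by_round": click_rate_by_round(SAMPLE_RESULTS),
        "repeat_click_rate": repeat_click_rate(SAMPLE_RESULTS, 1, 2),
        "password_rotation_pct": password_rotation_compliance(
            SAMPLE_PASSWORD_LAST_CHANGED, AS_OF, max_age_days=90),
        # constructed costs: tooling 20000, training 5000, two resolved incidents
        "security_cost_per_employee": security_cost_per_employee(
            20000, 5000, [3000, 2000], employees=5000),
    }


if __name__ == "__main__":
    for name, value in awareness_report().items():
        print(f"{name}: {value}")
```

The repeat click rate is the figure that separates a behavioral metric from a misleading one: a falling overall click rate can come from users who never clicked, whereas comparing the same users across rounds shows whether the follow-up notification changed anything.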
7. Conclusion
Hence, it can be concluded that a proper security program is required to successfully
eradicate cyber threats from any organization. Mahindra Bank has nearly 2 million customers
and 5000 employees. The cyber threat of phishing email could cause a loss of reputation for
the company. A proper strategy and plan should be adopted to prevent cyber-attacks, which
could lead to loss of data. The management could also experiment with the different probable
outcomes of research on security issues particularly suited to the kind of environment in
which phishing attacks occur. This does not remove all barriers to security, but a security
tool of the kind described earlier in the report can be used to provide a better environment
in which employees learn about cyber-attacks rather than only reading reference material.
Finally, the measurement of the whole program has been discussed through the metric tools used
to measure its effectiveness. This report has been developed theoretically and tested on the
pure logic of security effectiveness, incorporating organizational factors.
References
Anwar, M., He, W., Ash, I., Yuan, X., Li, L. and Xu, L., 2017. Gender difference and
employees' cybersecurity behaviors. Computers in Human Behavior, 69, pp.437-443.
Arachchilage, N.A.G. and Love, S., 2014. Security awareness of computer users: A phishing
threat avoidance perspective. Computers in Human Behavior, 38, pp.304-312.
Bada, M., Sasse, A.M. and Nurse, J.R., 2019. Cyber security awareness campaigns: Why do
they fail to change behaviour?. arXiv preprint arXiv:1901.02672.
Brooks, P.D. and Rieger, R., Time Warner Cable Enterprises LLC, 2016. Methods and
apparatus for content delivery notification and management. U.S. Patent 9,270,944.
Cavusoglu, H., Cavusoglu, H., Son, J.Y. and Benbasat, I., 2015. Institutional pressures in
security management: Direct and indirect influences on organizational investment in
information security control resources. Information & Management, 52(4), pp.385-400.
Dahbur, K., Bashabsheh, Z. and Bashabsheh, D., 2017. Assessment of security awareness: A
qualitative and quantitative study. International Management Review, 13(1), p.37.
Egelman, S. and Peer, E., 2015, April. Scaling the security wall: Developing a security
behavior intentions scale (sebis). In Proceedings of the 33rd Annual ACM Conference on
Human Factors in Computing Systems (pp. 2873-2882). ACM.
Eggenschwiler, J., Agrafiotis, I. and Nurse, J.R., 2016. Insider threat response and recovery
strategies in financial services firms. Computer Fraud & Security, 2016(11), pp.12-19.
Filkins, B., 2017. Sensitive data at risk: the SANS 2017 data protection survey. SANS
Institute InfoSec Reading Room.
Gupta, B.B., Arachchilage, N.A. and Psannis, K.E., 2018. Defending against phishing
attacks: taxonomy of methods, current issues and future directions. Telecommunication
Systems, 67(2), pp.247-267.
Karadag, H., 2015. Financial management challenges in small and medium-sized enterprises:
A strategic management approach. EMAJ: Emerging Markets Journal, 5(1), pp.26-40.
Konradt, C., Schilling, A. and Werners, B., 2016. Phishing: An economic analysis of
cybercrime perpetrators. Computers & Security, 58, pp.39-46.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications.
Pendleton, M., Garcia-Lebron, R., Cho, J.H. and Xu, S., 2017. A survey on systems security
metrics. ACM Computing Surveys (CSUR), 49(4), p.62.
Sadeh-Koniecpol, N., Wescoe, K., Brubaker, J. and Hong, J., WOMBAT SECURITY
TECHNOLOGIES Inc, 2017. Context-aware training systems, apparatuses, and methods.
U.S. Patent 9,547,998.
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A. and Herawan, T., 2015.
Information security conscious care behaviour formation in organizations. Computers &
Security, 53, pp.65-78.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance
model in organizations. Computers & Security, 56, pp.70-82.
Saleem, J. and Hammoudeh, M., 2018. Defense methods against social engineering attacks.
In Computer and network security essentials (pp. 603-618). Springer, Cham.
Slayton, R., 2015. Measuring risk: Computer security metrics, automation, and
learning. IEEE Annals of the History of Computing, 37(2), pp.32-45.
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs
more holistic approach: A literature review. International Journal of Information
Management, 36(2), pp.215-225.
Tirumala, S.S., Sathu, H. and Naidu, V., 2015, December. Analysis and prevention of
account hijacking based incidents in cloud environment. In 2015 international Conference on
Information Technology (ICIT) (pp. 124-129). IEEE.
Tsohou, A., Karyda, M. and Kokolakis, S., 2015. Analyzing the role of cognitive and cultural
biases in the internalization of information security policies: Recommendations for
information security awareness programs. Computers & Security, 52, pp.128-141.
Wolf, C. and Floyd, S.W., 2017. Strategic planning research: Toward a theory-driven
agenda. Journal of Management, 43(6), pp.1754-1788.
Zhao, M., An, B. and Kiekintveld, C., 2016, February. Optimizing personalized email
filtering thresholds to mitigate sequential spear phishing attacks. In Thirtieth AAAI
Conference on Artificial Intelligence.