Information Security Awareness Training Report for ATI

Verified

Added on 2022/08/28

AI Summary

This report details an information security awareness training program designed for Advanced Topologies Inc. (ATI). It begins with an introduction to information security, defining its objectives of integrity, confidentiality, and availability. The report adopts the NIST Special Publication 800-50 model, providing guidance for effective IT security programs. It identifies potential causes of information insecurity, stemming from both employee actions and inactions, and addresses associated risks like leaving sensitive data unattended, clicking on suspicious emails, and using weak passwords. The core of the report covers key policies, including clean desk, bring your own device (BYOD), data management, removable media, and social networking policies. Roles and responsibilities are outlined for agency heads, chief information officers (CIOs), and managers. The report concludes with recommendations such as continuous monitoring of employee activities, discouraging BYOD on company networks, and minimizing the use of sticky notes and printouts, emphasizing that security is the responsibility of every employee. References to key literature are also included.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Information security
awareness training
Be on the look out!

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

AGEND
A Introduction
NIST model
Causes of information insecurity
Policies
Roles and Responsibilities
The main agenda
for the training
include;

INTRODUCTION
• What is information security?
• The practice of preventing unauthorized use,
disruption, unauthorized access, modification,
inspection, destruction or even unauthorized
recording of information("What is Information
Security?," 2018).

INTRODUCTION CONT.’
• Information can be physical or electronic.
• Objectives of Information security program are;
• Integrity
• Confidentiality
• availability

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

NIST MODEL
• NIST special publication 800-50 is chosen model in ADVANCED
TOPOLOGIES INC.(ATI).
• Why this model for ATI?
• It offers guidance in development of effective information
technology security programs
• Supports federal information security management act of 2002
requirements(Pradigdya & Ginardi, 2019,)

System set up may not be the
weakness. What are the involved
parties likely causes of insecurities?

Employees inaction
Leaving sensitive information on desks.
Failing to log out from emails in open office computers
Failing to recorded and notify company’s IT any suspicious activities in
the system.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Employees action
Clicking on strange emails that may come with malware
Retrieving delicate information to irrelevant users
Setting obvious passwords which can easily be intruded
Sharing excess information when social networking
Leaving browsers remembering passwords on public computers

policies
Policy is how ATI manage and use network and information.
Clean desk policy
Bring your own device policy
Data management policy
Removable media
Social networking

Clean desk policy
Clearing off the desk print outs, sticky notes that contain delicate
information.
This prevents unauthorized party from viewing them(Bada, Sasse
& Nurse, 2019).
Only papers kept are associated with present project being worked
on by users.
According to grants(2017), sensitive information must be gotten rid
off at end of each day.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

BRING YOUR OWN DEVICE POLICY
This covers all personal computing devices of the employees that can
be utilized in work setting.
ATI has created a list of acceptable devices and the rest banned.
All devices under BYOD must be verified by the security staff.
Applications run in these devices are also limited.

Data management policy
• According to Eyadat (2018), employees do not realize importance of
classified data.
• Hence need to provide knowledge regarding all kinds of data.
• This allows everyone to comprehend the business critically.
• Everyone should strive to know basic information regarding data
management

Removable media
• This includes devices that transfer data in and out of computers.
• Concerns introduction of security threats to confidential data of the
company.
• Threats that may be brought about are hardware failure, malware
infection and copy right infringement (McCormac et al., 2017,)
• prohibit unwanted media and prohibit accessing abandoned media
like external hard drives.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Social networking
• Social networking is widely used currently.
• Phishing is a common attack that can be a disaster.
• ATI hence sensitizes and restricts using of company devices for social
networking.
• According to ghavani & shukur (2017) employees should always get a
guide on dangers of phishing attacks hence a responsibility to the
managers.

ROLES AND RESPONSIBILITIES
• Security is everyone's role.
AGENCY HEADS;
guarantees efficient security awareness so as training for
workforce(al-daeef, basir & saudi, 2017).
Labels any CIO.
allocate accountability for its security IT.
Apply and guarantee agency security program budget and
resources.

ROLES AND RESPONSIBILITIES
CHIEF INFORMATION OFFICERS(CIO);
Train agency staff for important roles
Monitor staffs important duties.
administering training as well as monitor staffs with important duties
MANAGERS;
• Obeying with IT security awareness as well as training requirement
implemented for users.
• Liaising with CIO to encourage professional development and
certification of staff of it.
• Guarantee that all users of respective systems are properly trained.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Conclusions
• As per the policies all employee are required to realize
security starts with them.
• Always ensure both electronic and physical information are
secure.
• Take action as per requirement to ensure ATI is safe.

Recommendations
• ATI to always keep monitoring employees activities through
programs
• Setting aside devices for social networking
• Discourage employees from BYOD on company network
• Minimize use of sticky notes and printouts by employees.

references
• McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M., & Pattinson, M.
(2017). Individual differences and Information Security Awareness. Computers in
Human Behavior, 69, 151-156.
• What is Information Security? (2018, June 19). Retrieved from
https://www.geeksforgeeks.org/what-is-information-security/
• Pradigdya, C. A., & Ginardi, R. V. (2019). User Awareness Design for Electronic
Money User Using Protection Motivation Theory and NIST 800-50 Framework.
IPTEK Journal of Proceedings Series, 0(5), 416.
• Tasevski, P. (2016). IT and Cyber Security Awareness – Raising Campaigns.
Information & Security: An International Journal,
• Eyadat, M. S. (2018). Information Security: Awareness and Training Program in
the Middle East Universities. Asian Journal of Computer and Information Systems

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Reference Continued
• Grant, R. L. (2017). Exploring Effects of Organizational Culture upon
Implementation of Information Security Awareness and Training Programs
within the Defence Industry Located in the Tennessee Valley Region (Doctoral
dissertation).
• Bada, M., Sasse, A. M., & Nurse, J. R. (2019). Cyber security awareness
campaigns: Why do they fail to change behaviour?.
• Al-Daeef, M. M., Basir, N., & Saudi, M. M. (2017, July). Security awareness
training: A review. In Proceedings of the World Congress on Engineering.
• Ghazvini, A., & Shukur, Z. (2017, November). Review of information
security guidelines for awareness training program in healthcare industry. In
2017 6th International Conference on Electrical Engineering and Informatics
(ICEEI) (pp. 1-6). IEEE.