Cyber Security Plan and Training Program for a Specific Company


Added on  2022/11/01

This report presents a detailed cyber security plan designed for an organization facing various security threats. It begins with an executive summary highlighting the importance of information security and the potential risks. The report identifies vulnerabilities in areas such as disaster recovery, incident response, business continuity, social engineering, password security, and employee awareness. It proposes a comprehensive security plan, including countermeasures like training programs to mitigate these risks. The training program emphasizes the importance of password security, emerging threats, and the need for continuous security awareness. The plan also outlines the importance of a security charter to minimize security issues, including risk assessment, control implementation, and continuous monitoring and reporting. The report underscores the need for a proactive and integrated approach to safeguarding an organization's information assets.
Running head: CYBER SECURITY
CYBER SECURITY
Executive Summary
The security of information is essential for an organization, as that information
contains customer details and information about the company. If this information is
leaked, it can cause harm to the company. The report focuses on the holdings of the
organization that are at risk. It describes the security threats to the organization and
discusses the design of a security plan to address those threats. It also focuses on the
development of an information security training and awareness program for the staff. The
security plan is very important for the organization, as it will help the company to
safeguard its important data and information from a data breach or any other attack on
the organization's information systems.
Table of Contents
Introduction
Discussion
    Business Scenario
    Security Plan
    Security Countermeasures
    Training
    Security Policy
Conclusion
References
Introduction:
The report deals with the security issues of a company and the security plan to be
enacted in order to mitigate the security threats. The security of information is
essential for an organization, as that information contains customer details and
information about the company. If this information is leaked, it can cause harm to the
company. The report focuses on the holdings of the organization that are at risk. It
describes the security threats to the organization and discusses the design of a security
plan to address those threats. It also focuses on the development of an information
security training and awareness program for the staff. The security plan is very
important for the organization, as it will help the company to safeguard its important
data and information from a data breach or any other attack on the organization's
information systems.
Discussion
Business Scenario
A security team is responsible for protecting the information holdings of an
organization with 1000 employees. The organization is located in a separate multi-storey
building in the district of the city. The security team is responsible for protecting
information from accidental and deliberate harm. Information security management was
found to be inadequate in several important areas: incident response, disaster recovery,
business recovery, social engineering attacks, lack of personnel awareness, and poor
password security. The problems identified need urgent mitigation. The organization's
technical systems were effective in maintaining its database, and document management
security was well serviced by the information security team.
Security Plan
The organization has a security team that looks after the information holdings of the
company. The company has around 1000 staff. The security team is responsible for
protecting information from accidental and intentional harm. Information security
management has found that the company has vulnerabilities in some important areas, such
as disaster recovery, incident response and business continuity.
Disaster recovery refers to backing up the company's data so that it can later be used
to restore operations in the event of data loss (Phillips 2015). This is an important
risk for the company. The company should have an efficient disaster recovery plan and a
disaster recovery team, so that data is backed up and can be restored if it is lost
(Sahebjamnia, Torabi and Mansouri 2015).
The company has some vulnerability in incident response (Souissi et al. 2016). Incident
response refers to the organized approach to addressing and managing the aftermath of a
cyber attack, known as a security incident. The company's security team should have a
proper team for managing incidents, and its members should have proper knowledge of
security incidents and know the approach (Steinke et al. 2015).
The company is also lacking in business continuity (Graham and Kaye 2015). Business
continuity refers to the ability of an organization to make sure that business operations
and functions are not severely affected by an unplanned incident that takes critical
systems offline. The company should have another team to handle the business functions
and operations after an attack, so that the operations of the company are not hampered
in any way (Torabi, Giahi and Sahebjamnia 2016).
Security Countermeasures
The organization's security team is effective in maintaining the database and managing
document security. However, the security team has found vulnerabilities in some important
areas of the organization. The potential security threats to the organization include
social engineering attacks, poor password security and lack of awareness of the different
threats to information (Krombholz et al. 2015).
Social engineering is an attack that relies on human interaction; it sometimes involves
manipulating people into breaking normal security procedures and best practices in order
to gain entry to systems, physical locations or networks, or to gain money from clients
(Junger, Montoya and Overink 2017). There are various types of social engineering attack
that can cause harm to the security systems of the organization. The social engineering
attacks are:
- Phishing
- Baiting
- Tailgating
- Quid pro quo
The company also has poor password security, which means that anyone can get into the
organization's system by guessing a password or hacking the system (Shen et al. 2016).
Research has found that poor password management and a lack of digital security practices
put people at risk of personal data breaches that could lead to financial or identity
theft.
Lack of awareness of the various threats to information is also an important security
risk to the organization. The second biggest concern of an organization is the lack of
security awareness among its employees (Öğütçü, Testik and Chouseinoglou 2016). Employees
who are not aware of their cyber security obligations are liable to ignore the relevant
policies.
Training
Some organizations spend huge amounts of capital on cybersecurity, and yet, despite
sophisticated security defences, employees remain a vulnerability to the organization.
Firewalls and security products stop many cyber security threats, but some scammers get
past these defences (Kemper 2019). A survey says that more than half of the employees of
an organization had not received proper security awareness training. Email security and
employee training are problems faced by IT organizations. Phishing and ransomware attacks
are the top security concerns for employees.
There are various ways an organization can arm its employees against these cyber attacks
and the other techniques that attackers use to defraud businesses (Aldawood and Skinner
2019).
Start on day one:
When an employee joins an organization, HR paperwork takes the place of security
training. The new employee is assigned a work area and issued a laptop. Employees should
be trained so that they are ready for the security attacks they will encounter on any
working day (Li et al. 2016). Many security-training offerings are readily available on
the market. These can be deployed in the organization and used to train employees to deal
with security threats.
Watch for emerging threats
The cybersecurity landscape can change drastically. It is therefore important to use a
security awareness training vendor that keeps its finger on the pulse of the market, so
that the organization's employees do not wind up blindsided by the latest scam. It is
always best to select a training platform that describes past data breaches and how the
company responds to attacks.
Practice makes perfect
Information security training can expose employees to the latest attacks and deceptions
and help them to guard against risky behaviours that can lead to data breaches.
Explain Why
Learning with the immediate feedback provided by security simulations can help concepts
stick, but organizations can go further by making it clear that training is important.
User engagement is driven by transparency within a company. Training and awareness
materials need to outline clearly why security is essential at home and at work.
Fix the password problem
Reused, weak and easily guessed passwords are a major security weak spot. A study says
that 30 percent of the company's emails have been hacked and passwords leaked. Employees
must be well trained in fixing password problems and in dealing with the other social
engineering attacks that are a threat to organizations (Öğütçü, Testik and Chouseinoglou
2016). Employees must be trained so that they know about the attacks and their symptoms
beforehand. They can then mitigate the security threats and the attacks.
Security Policy
A security charter or a security plan can minimize the security issues of the company
(Hoffman 2016). An organizational security plan is a strategic document that:
- Provides an integrated view of the security needs of the organization.
- Recognizes security threats, weaknesses and risks in order to determine a proper set of control objectives.
- Recognizes and establishes minimum and additional controls, when needed, in order to achieve an acceptable level of residual risk.
- Outlines the security strategies, priorities, objectives and timelines in order to improve the security posture of the organization.
Once the security plan for the organization is in place and communicated, every leader
and employee of the organization should be able to understand and articulate, in succinct
terms, what the major risks to the organization are and the role they play in mitigating
those risks in every aspect of the organization's activities (Baker and Benny 2016).
The objective of the security plan is to provide an integrated view of the organization's
security threats, requirements and risks, together with priorities, strategies,
responsibilities and timelines, in order to maintain, monitor, strengthen and improve the
security controls of the organization.
The security plan will help the organization to mitigate the security issues that can be
harmful to it. The professionals will carry out the following tasks:
- Review the appropriate documents, including guidance, standards and instructions, and any pending proposed revisions related to security policies.
- Review all pertinent documents relevant to the client, and the broad present and future security responsibilities and accountabilities, in order to support the client's activities.
- Complete the identification and assessment of specific security requirements and the associated risks in order to establish a formal security risk register covering physical, information, personnel and IP security.
- Identify the key security controls and complete a gap analysis, followed by establishing a risk treatment strategy based on improvement priorities and an implementation plan.
- Develop appropriate controls, monitoring and reporting, including metrics, in order to verify continuous improvement and support ongoing risk management reviews.
- Produce a working organizational security plan for the client's review and comment.
- Deliver a clear and concise final draft to the organization. The draft will serve as a critical reference tool for managing the dynamic threat and security risk environment.
Conclusion
The report concludes with the development of the training program for the employees so
that they know about the attacks and the symptoms of the attacks beforehand. The report
deals with the organizational holdings that are at risk and focuses on the security
threats to the organization. It also discusses the development of a training program for
the employees so that they are well versed in cybersecurity attacks such as weak password
attacks and social engineering attacks. The report focuses on the design of a security
plan for the organization that will solve all the security issues and threats that the
organization is currently facing. The security plan will be helpful to the company, and
the security issues will be solved.
References
Aldawood, H. and Skinner, G., 2019. Reviewing Cyber Security Social Engineering Training
and Awareness Programs—Pitfalls and Ongoing Issues. Future Internet, 11(3), p.73.
Baker, P.R. and Benny, D.J., 2016. Physical Security Planning. In The Complete Guide to
Physical Security (pp. 24-33). Auerbach Publications.
Graham, J. and Kaye, D., 2015. A Risk Management Approach to Business Continuity:
Aligning Business Continuity and Corporate Governance. Rothstein Publishing.
Hoffman, D.K., 2016. Security at Our Fingertips. Women Law. J., 101, p.26.
Junger, M., Montoya, L. and Overink, F.J., 2017. Priming and warnings are not effective to
prevent social engineering attacks. Computers in Human Behavior, 66, pp.75-87.
Kemper, G., 2019. Improving employees' cyber security awareness. Computer Fraud &
Security, 2019(8), pp.11-14.
Krombholz, K., Hobel, H., Huber, M. and Weippl, E., 2015. Advanced social engineering
attacks. Journal of Information Security and Applications, 22, pp.113-122.
Li, L., Xu, L., He, W., Chen, Y. and Chen, H., 2016, December. Cyber security awareness
and its impact on employee’s behavior. In International Conference on Research and
Practical Issues of Enterprise Information Systems (pp. 103-111). Springer, Cham.
Öğütçü, G., Testik, Ö.M. and Chouseinoglou, O., 2016. Analysis of personal information
security behavior and awareness. Computers & Security, 56, pp.83-93.
Phillips, B.D., 2015. Disaster recovery. CRC Press.
Sahebjamnia, N., Torabi, S.A. and Mansouri, S.A., 2015. Integrated business continuity and
disaster recovery planning: Towards organizational resilience. European Journal of
Operational Research, 242(1), pp.261-273.
Shen, C., Yu, T., Xu, H., Yang, G. and Guan, X., 2016. User practice in password security:
An empirical study of real-life passwords in the wild. Computers & Security, 61, pp.130-141.
Souissi, S., Serhrouchni, A., Sliman, L. and Charroux, B., 2016, December. Security Incident
Response: Towards a Novel Decision-Making System. In International Conference on
Intelligent Systems Design and Applications (pp. 667-676). Springer, Cham.
Steinke, J., Bolunmez, B., Fletcher, L., Wang, V., Tomassetti, A.J., Repchick, K.M., Zaccaro,
S.J., Dalal, R.S. and Tetrick, L.E., 2015. Improving cybersecurity incident response team
effectiveness using teams-based research. IEEE Security & Privacy, 13(4), pp.20-29.
Torabi, S.A., Giahi, R. and Sahebjamnia, N., 2016. An enhanced risk assessment framework
for business continuity management systems. Safety Science, 89, pp.201-218.