Cybersecurity Report: Security Awareness, Risks, and Disaster Recovery

Verified

Added on 2022/09/13

AI Summary

This report focuses on the critical role of cybersecurity awareness programs in organizations. It emphasizes the importance of educating staff, clients, and stakeholders on best practices, security threats, and adherence to security guidelines. The report details various security risks, including computer viruses, hackers, phishing, and employee negligence. It outlines measures and guidelines for network integrity, risk assessment, and personnel security. The report also covers end-user responsibilities, access control, information security during transit, and disaster recovery planning. Furthermore, it highlights common security risks such as data loss, leakage, and external attacks, emphasizing the need for proactive security measures and a comprehensive disaster recovery plan to protect against potential threats. The report stresses the importance of a multi-faceted approach, including user education, technical controls, and robust recovery strategies to ensure overall cybersecurity.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: Cybersecurity 1
Cybersecurity
Name
Institution of Affiliation

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Cybersecurity 2
The security awareness program is very important to any institution, company or
organization for its full functionality regards to today’s technology situation. For an organization
to develop a strategic security plan, several factors are taken into consideration. Some of the
examples include: After the development of IT system users should be inducted to inform them
of how it is used. One of the factors which could never be overlooked is the security awareness
program, (Awawdeh & Tubaishat, 2014).
1.)
A well-informed security awareness culture is the one that ensures, clients, staff and all
stakeholders are well informed with best practices, outlines how security threats may be
managed and ensure security guidelines or policies are adhered to and maintained by everyone.
Where management has assembled a dedicated staff, distributed functions amid trained staff.
Training of staff by management on personal roles, security roles, systems and how to avoid
certain risks. Where staff are educated about online threats and tend to be sensitive to ensure
security is not breached. Management, clients, and staff are working towards keeping their data
safe by following the security awareness program proposed by the organization, (Aloul, 2012).
2.)
Perhaps the most common one, a computer virus written program that alters how
computer functions without consent or knowledge of the user, usually cause damage to the
computer. It can be avoided by careful evaluation of emails from unknown senders, free
software’s or downloads from peer to peer sharing sites and Installation of updated antivirus
from an approved provider. Hackers and predators are other treats, people creating computer
malware to steal data, identify identity or lock you out. Having online security tools having
identity theft protection is on the way one could avoid these treats. Phishing, where one or

Cybersecurity 3
business pretends to be trustworthy and can end up accessing sensitive data on finance or private
information through malware emails or messages. Antivirus with identity theft protection can be
a solution to this threat, (Rudolph, 2015).
3.)
Measures/ rules/ steps/ guidelines put up to ensure the integrity of a network, its
information, and the electronic devices' immediate environment. They include: Doing a risk
assessment that allows the organization to analyze and classify which network or devices are
more vulnerable and at greater risk. The idea is to reduce the identified vulnerabilities linked to
the communication network and electronic devices. When recruiting new personnel into an IT
place, security guidelines are implemented to ensure the human error is reduced, misuse of
resources and fraud. Security issues are addressed as early as at the start of the hiring process
(application). Polices such as provision IT resources to ensure the appropriate use of
communication devices and networks to facilitate effective performance to their functions.
Additionally authorization to the use of devices to put responsibilities and obligations to persons
using these devices or communication networks. Some organization implement training
procedures to IT users so they are informed of potential security threats when using devices,
therefore ensure precaution and individual responsibility to report any little security incident that
may arise guidelines such as report incidence, manage incidence, collect and share IT
information, developing user awareness, defining user responsibilities are common amongst
companies. Other policies that have incorporated include developing disciplinary processes,
network, and device use controls (establishing remote equipment management), developing
separate operation facilities, securing external facilities and ensuring procedures used to render
information unrecoverable before it is disposed of, (Fay, 2011).

Cybersecurity 4
4.)
First, users of electronic devices and communication networks need to understand their
responsibilities to ensure the integrity of these devices and communication networks is
maintained. A strategic security awareness program requires end-users to understand the
intended use of devices and networks and act accordingly. Users should be able to respect the
integrity of a communication network system and comply with the supposed use of devices or
networks. Exercise of caution when using devices to ensure programs do not interfere with other
users, violation of the privacy of others while using any communication network or device
(network traffic is considered private, no monitoring of network information of others), network
users are not allowed to alter or modify the device and network security features, (Sari et al.,
2014).
5.)
Most basic, unauthorized persons should not any time have access to critical information. The
use of a firm authentication based program is important to verify and identify users accurately
who is handling information. Moreover, access control is necessary to only permit those that are
authorized only access their data. Information should be secured while on transit to avoid
interception or tampering, therefore secure routes should be deployed between end-users. To
ensure information is not exposed through exploits or Trojan horse’s management tools are
necessary. Anti-virus systems and personal firewalls. Also, encryption should be placed as the
first line of protection against access through back up tapes or hard drives, (Wu et al., 2012).
6.)
An information technology disaster recovery plan should be created together with the
business progress program. When analyzing the business impact, priorities and time of recovery

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Cybersecurity 5
aspects of information technology are supposed to be developed to guide the recovery process. A
company should configure itself such that it can access different facility (more than one) this
because if data is put at variable sites and is lost, it can be retrieved from an alternate site.
Besides vendor supported recovery strategies can be used (hot sites) where subscribers (vendors)
manage and host security services on behalf of the organization. If an outage occurs for a client
the vendor stores the data until client data is restored. Also, an organization can put up an IT
recovery plan, which starts by keeping a record of all hardware (laptops, servers and wireless
devices), data and any applications. This plan also ensures all crucial data is backed up,
(Abawajy, 2012).
7.)
Greatest and common security risks regard to cybersecurity are found within an
organization, those caused by employees' negligence that could lead to several threats if caution
is not practiced. these risks include loss of data completely, leakage of data or information to the
general public or unauthorized users, lack of services (maybe due to a misconfiguration),
exposure of information to external attacks like theft. Leakage of passwords could expose
competitive information. A company can also be at risk of hijack and phishing, (Kim, 2013).

Cybersecurity 6
References
Abawajy, J. (2012). User preference of cyber security awareness delivery methods.
Behaviour & Information Technology, 33(3), 237-248.
Aloul, F. A. (2012). The need for effective information security awareness. Journal of
Advances in Information Technology, 3(3).
Awawdeh, S. A., & Tubaishat, A. (2014). An information security awareness program to
address common security concerns in IT unit. 2014 11th International Conference on
Information Technology: New Generations.
Fay, J. J. (2011). Employee awareness program. Contemporary Security Management, 389-
395.
Kim, E. B. (2013). Information security awareness status of Business College:
Undergraduate students. Information Security Journal: A Global Perspective, 22(4),
171-179.
Rudolph, K. (2015). Implementing a security-awareness program. Computer Security
Handbook, 49.1-49.47.
Sari, P. K., Candiwan, & Trianasari, N. (2014). Information security awareness measurement
with confirmatory factor analysis. 2014 International Symposium on Technology
Management and Emerging Technologies.
Wu, Y. A., Guynes, C. S., & Windsor, J. (2012). Security awareness programs. Review of
Business Information Systems (RBIS), 16(4), 165-168.