Information Security Awareness Program: Final Project Report

Added on  2023/04/23

AI Summary
This project focuses on building a security awareness training program. It begins by defining security awareness training and its importance for organizations, emphasizing the need to protect data and maintain operational functionality. The project explores management's role in security development, including policy creation and enforcement. It identifies various cyber threats, such as malware, spyware, and ransomware, and discusses the motivations of cybercriminals. Different types of cyber security training methods, including formal and online approaches, are examined, highlighting the importance of continual training and expert development. The project also addresses the costs involved in cyber security, such as software and network security, and the evaluation of awareness program effectiveness. The project also provides the building blocks of an information security awareness program, exploring scenarios and providing a link to a template for a final project. This project covers the significance of understanding threats, the importance of employee education, and the implementation of countermeasures to protect against cyber-attacks, with the ultimate goal of enhancing data protection and overall security awareness within an organization.
INFORMATION SECURITY AWARENESS PROGRAM
Security awareness training:
Security awareness training is concerned with making people aware of the threats
from cyber-attacks and data breaches (Peltier and Thomas).
The organization can train its employees on this.
In this context, organizations can make employees understand the importance of
using anti-virus software. Apart from that, implementing a firewall and VPN in the
system can help to prevent external threats to the organizational network.
Significance of the security awareness program:
Every organization needs a security awareness program so that the data and information stored
in the organization stay safe (Caballero and Albert).
Apart from that, the organization can keep functioning properly.
The prevention of security threats also reduces the chance of physical damage to the
systems in the organization.
Management’s role in the security development:
In order to enhance its security, the organization can take steps such as
policy development and policy enforcement (Schroeder).
Selecting the right policy will save costs for the organization.
It will also increase the organization's production.
Understanding the threats:
The first step in the awareness program is to train the employees to manage security threats.
First, the motivations of cyber criminals need to be identified.
In most cases, data is hacked in order to gain access to trade secrets.
Apart from that, cyber war and bragging rights are relevant in this context.
Types of cyber security attacks:
In order to implement safeguards against cyber threats, the types of cyber threats that exist
need to be known. Security is mainly violated through malware. Apart
from that, spyware and ransomware are other types of attack.
Threats can spread through peer-to-peer file sharing, web attacks and adware. In this
context, some recent news of cyber-attacks can be mentioned (Chen, Ramamurthy and
Kuang-Wei Wen).
Recently, the WannaCry ransomware attack has constrained the functioning of
many systems. The attackers encrypt the data and information on the target system.
The encrypted files can be unlocked in exchange for money.
Type of cyber security training:
Cyber security training can be delivered in different ways. It can be done formally or through
an online classroom. Trainees should be made aware of how social
engineering works. This can be done through one-to-one interaction.
Training can be on a yearly basis or continual. It is recommended to train employees and
trainees continually so that they are made aware of advances in cyber
threats (Yildirim).
Apart from that, the organization can increase its number of experts by hiring new
employees. Awareness of cyber-attacks will help to prevent data leakage
and will enhance metadata awareness.
Cost involved in the cyber security training:
The cost involved in the security process needs to be evaluated. The
main targets of cyber-attacks are the operating systems, servers and networks of
organizations.
In this case, original software needs to be bought.
Apart from that, network security, along with the VPN and firewall, needs to be
implemented and maintained.
Evaluation of the awareness programs:
The significance of the software evaluation program is based on the effectiveness of the
awareness program. For the program to be compiled successfully, the users need to be
engaged in it (Tsohou et al.). Apart from that, security
matters and policies are complicated topics.
In this case, the trainees are helped to understand those complex theories in a simple way.
Apart from that, the objective of the awareness program needs to be well defined so that the
coursework can be arranged accordingly.
References
Caballero, Albert. "Security Education, Training, and Awareness." Computer and Information
Security Handbook (Third Edition). 2017. 497-505.
Chen, Y. A. N., K. R. A. M. Ramamurthy, and Kuang-Wei Wen. "Impacts of comprehensive
information security programs on information security culture." Journal of Computer Information
Systems 55.3 (2015): 11-19.
Peltier, Thomas R. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. Auerbach Publications, 2016.
Schroeder, Jordan. Advanced Persistent Training: Take Your Security Awareness Program to the
Next Level. Apress, 2017.
Tsohou, Aggeliki, Maria Karyda, and Spyros Kokolakis. "Analyzing the role of cognitive and cultural
biases in the internalization of information security policies: recommendations for information
security awareness programs." Computers & security 52 (2015): 128-141.
Yildirim, Ebru. "The Importance of Information Security Awareness for the Success of Business
Enterprises." Advances in Human Factors in Cybersecurity. Springer, Cham, 2016. 211-222.
THANK YOU