Report: Security Awareness Program Design for Advanced Topologies Inc.


Added on  2022/08/28

AI Summary
This report details the design of a security awareness program for Advanced Topologies Inc., addressing the critical need for employee training and awareness in information security. The report begins with an introduction emphasizing the importance of security awareness programs in organizations, especially considering the limited number of security professionals. It then analyzes the NIST security awareness model, which provides guidance for developing effective information technology security programs. A detailed needs assessment is conducted, identifying key training requirements such as clean desk policies, bring your own device (BYOD) policies, data management, removable media usage, and social networking dangers. The report outlines the roles and responsibilities of personnel, including agency heads, chief information officers (CIOs), and managers, in implementing and maintaining the security awareness program. The conclusion summarizes the benefits of the program for Advanced Topologies Inc. and highlights the importance of IT security policies and employee training. The report also includes quiz answers and references.
Running head: SECURITY AWARENESS PROGRAM
SECURITY AWARENESS PROGRAM
Name of student
Name of university
Author’s note:
Table of Contents
Introduction
NIST security awareness model
Needs assessment
Roles and responsibilities of personnel
Conclusion
Quiz answers
References
Introduction
Security awareness and training programs are presently considered crucial in
organisations. In the majority of cases, an organisation has only a restricted number of
security professionals, and hence there is a major requirement to train the employees of the
company and give them the required awareness. This report analyses the development of a
security awareness model for Advanced Topologies Inc. A detailed needs assessment has been
conducted, providing several recommendations on the training requirements for all the
employees of the company. The roles and responsibilities of the company's personnel in
implementing the training program are briefly described.
NIST security awareness model
The biggest risk to the information security of an organisation is not weaknesses in the
technology control environment. Instead, it could be the action or inaction of employees and
other personnel that leads to security incidents. Examples include the exposure of sensitive
information that can be used in social engineering attacks, failing to record any detected
unusual activity, and accessing sensitive information irrelevant to the role of the user. It
is therefore crucial that organisations operating today have an appropriate security
awareness program in place, so that employees understand the significance of protecting
sensitive information.
Any successful IT security program mainly includes the development of an IT security
policy that reflects the business requirements tempered by the recognised risks, notifying
users of their respective IT security duties, and the development of processes for
monitoring and reviewing the program.
Security awareness and training must address the entire user population of the
organisation. Management should establish the case for appropriate IT security conduct in
the organisation. The awareness program should begin with an effort that can be easily
deployed and implemented in several ways, and that is aimed at all levels of the
organisation, including the executive managers and the senior managers.
The model chosen, which could be used for security awareness at Advanced Topologies Inc.,
is NIST Special Publication 800-50, Building an Information Technology Security Awareness
and Training Program (Pradigdya & Ginardi, 2019). This model offers the guidance required to
develop an effective information technology security program, and it also supports the
requirements identified in the Federal Information Security Management Act of 2002.
Needs assessment
To prevent staff-linked incidents, the organisation should introduce a viable security
training program (Pattabiraman et al., 2018). The security awareness program is being
implemented at Advanced Topologies Inc. to ensure that all sensitive information is managed
properly. Some of the major training needs of the organisation are:
Clean desk policy: Sensitive information left on a desk, such as sticky notes and paper
printouts, can easily be taken or viewed by an unauthorised user (Bada, Sasse & Nurse,
2019). As per the directives of the clean desk policy, the only papers that may be kept on
the desk are those associated with the present project the user is working on. Sensitive and
confidential information must always be removed from the desk at the end of each working day
(Grant, 2017).
Bring Your Own Device (BYOD) policy: Employees should be properly educated about the BYOD
policy and its boundaries. The BYOD policy would cover all the personal computing devices of
the employees that may be used in the work setting. The organisation should create a list of
all acceptable and banned devices. Each BYOD device must be verified by the security staff;
those that can be allowed should be permitted for use, and all others must be prohibited
(Ma’ruf & Rochman, 2019). The applications allowed on the devices should be listed, and all
other applications should be banned from the mobile devices.
Data management: There are several kinds of data, and a large number of employees are
presently not properly aware of this. The employees do not properly realise the importance
of classified data (Eyadat, 2018). They need to be given proper knowledge of all the kinds
of data so that they can comprehend the business critically.
Removable media: The use of removable media in the company might introduce various kinds
of security threats to the company's confidential data. The secure use of both personally
owned devices and corporate devices is critical. Any unauthorised removable media might
introduce issues of data security, hardware failure, malware infection and copyright
infringement (McCormac et al., 2017). Corporate staff should be properly educated about the
hazards of unwanted removable media and prohibited from accessing any abandoned media, such
as an external hard drive.
Social networking dangers: Enterprises presently use social networking platforms as a
powerful tool for developing the brand and generating online sales. Regrettably, social
networking platforms also introduce phishing attacks, which could lead to a major disaster
for the company. To prevent harm to the organisation's critical data, the enterprise should
have a feasible social networking training program, which would help in restricting the use
of social networking and would guide employees on the danger of phishing attacks (Ghazvini &
Shukur, 2017). Along with this, employees need proper training in the use of credentials and
login information.
Roles and responsibilities of personnel
While it is crucial to comprehend the policies that require the company to develop and
implement awareness and training, it is of the utmost significance that the company
understands which individuals have the duty for IT security awareness and training. The
roles and responsibilities of the personnel of Advanced Topologies Inc. are:
Agency head: The agency head should guarantee that high importance is given to efficient
security awareness and training for the workforce (Al-Daeef, Basir & Saudi, 2017). This
involves the enactment of a feasible IT security program along with a robust awareness and
training module. The agency head must designate a CIO, allocate accountability for IT
security, and guarantee that the agency-wide IT security program has been applied, is well
supported by resources, and follows the budget and resources allocated to it.
Chief Information Officer: Under FISMA, the Chief Information Officer is mainly given the
duty of administering the training and monitoring the staff with important duties for
information security. The CIO is required to work with the company's IT security program
manager to establish the complete strategy for the IT security awareness and training
program; guarantee that the senior managers, the agency head, and the data and system owners
comprehend the main approach and concepts of the security awareness and training program and
are properly informed of the progress of its implementation; guarantee that the company's IT
security awareness and training program is properly sponsored; guarantee that agency staff
with important security duties are trained; guarantee that all users have been adequately
trained in their security duties; and guarantee that efficient tracking and reporting
mechanisms are implemented.
Managers: Managers have the duty of complying with the IT security awareness and training
requirements implemented for the users. A manager should work with the CIO and the IT
security program manager to meet the shared duties; assist in the role of system owner and
data owner; give appropriate consideration to implementing individual development plans for
users in roles with important security duties; encourage the professional development and
certification of the staff of the IT security program, whether tenured or part-time security
authorities; and guarantee that all users of their respective systems are properly trained
in how to fulfil their security responsibilities before they are permitted access to the
company's systems.
Conclusion
Therefore, it can be concluded from the above discussion that introducing the security
awareness program could be significantly beneficial for Advanced Topologies Inc. in the
future. Any successful IT security program mainly includes the development of an IT security
policy that reflects the business needs tempered by the recognised risks, notifying users of
their respective IT security tasks, and the development of processes for monitoring and
reviewing the program.
Quiz answers
Answer of question 1: True
Answer of question 2: Attenuation- C
Banding- D
Filtered power: A
Shielding: B
Answer of question 3: Isolated, Single point, Equipotential plane
Answer of question 4: ERP system, CRM system, management information system
Answer 5: The computer maintenance management system could be used for
managing the maintenance account. It is the software package that manages the computer
database of the information regarding the maintenance operations of the organisation.
References
Al-Daeef, M. M., Basir, N., & Saudi, M. M. (2017, July). Security awareness training: A
review. In Proceedings of the World Congress on Engineering (Vol. 1, pp. 5-7).
Bada, M., Sasse, A. M., & Nurse, J. R. (2019). Cyber security awareness campaigns: Why do
they fail to change behaviour?. arXiv preprint arXiv:1901.02672.
Eyadat, M. S. (2018). Information Security: Awareness and Training Program in the Middle
East Universities. Asian Journal of Computer and Information Systems (ISSN: 2321–
5658), 6(05).
Ghazvini, A., & Shukur, Z. (2017, November). Review of information security guidelines for
awareness training program in healthcare industry. In 2017 6th International
Conference on Electrical Engineering and Informatics (ICEEI) (pp. 1-6). IEEE.
Grant, R. L. (2017). Exploring Effects of Organizational Culture upon Implementation of
Information Security Awareness and Training Programs within the Defense Industry
Located in the Tennessee Valley Region (Doctoral dissertation).
Ma’ruf, K. F., & Rochman, M. M. (2019). GUIDELINES FOR DEVELOPING
INFORMATION SECURITY TRAINING AND AWARENESS PROGRAMS IN
GOVERNMENT AGENCY: THE PERSPECTIVE OF ADDIE INSTRUCTIONAL
DESIGN MODELS (A CASE STUDY IN INDONESIAN GOVERNMENT
AGENCY). PEOPLE: International Journal of Social Sciences, 5(2).
McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M., & Pattinson, M. (2017).
Individual differences and information security awareness. Computers in Human
Behavior, 69, 151-156.
Pattabiraman, A., Srinivasan, S., Swaminathan, K., & Gupta, M. (2018). Fortifying corporate
human wall: A Literature review of security awareness and training. In Information
Technology Risk Management and Compliance in Modern Organizations (pp. 142-
175). IGI Global.
Pradigdya, C. A., & Ginardi, R. V. H. (2019). User Awareness Design for Electronic Money
User Using Protection Motivation Theory and NIST 800-50 Framework. IPTEK
Journal of Proceedings Series, (5), 416-425.