Cybersecurity Training Report: Training Plan and Security Risks

Verified

Added on 2022/11/28

AI Summary

This cybersecurity training report outlines a comprehensive plan for enhancing organizational security. It begins by emphasizing the importance of security awareness and its impact on mitigating cyber threats. The report then details various security risks, categorizing them into physical, technical, and administrative domains, and suggests corresponding protective measures. Key aspects of the training plan include the implementation of robust security policies and access controls, proper management of critical electronic devices, and protocols for handling sensitive information. The report also stresses the need for disaster management plans and action plans to recover from security incidents. Furthermore, it addresses the significance of employee behavior in maintaining security and suggests strategies to minimize risks associated with internal threats. The report concludes by referencing relevant frameworks and resources for further implementation and development.

Running Head: Cybersecurity Training 0
Cybersecurity Training
Report
Student name

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Cybersecurity Training 1
The training plan
There are some basic things include in the training plan that is necessary for the cybersecurity of
the organization. In the present era, most of the organizations have used information assets for their
business functions to achieve high performance and profit in their business. there should be some
potential challenges in front of an organization. Therefore, a project manager and staff members should
know about these things, which areas:
Culture of security awareness
Security awareness is necessary to secure all the information assets from cyber-attacks and
cybercrime. In addition, collaboration makes a huge impact on security and incident response. Besides,
employees must care about the data and information of the company and their customers. In addition,
stakeholders must know about the cybersecurity, which is necessary for their data and financial losses.
An organization has many intellectual properties, which requires security from physical and technical
ends (Andrijcic & Horowitz, 2016).
Security risks
There are three main security risks in an organization, which are physical, technical, and
administrative. An organization should provide three protections to their information assets and
resources, which areas:
Physical protection: all the assets should be in the custody of security personnel, such as networking
devices, servers, data centers, and many others.
Technical Protection: it is necessary to use secure methods for data transfer, such as cryptography
techniques and many others. It will secure their data from hackers.
Administrative protection: legal and regulatory rule and guidelines should be used for employees and
other stakeholders.
Security policies and access controls
There are various policies should be implemented for the access control in different secure and
sensitive areas, such as server room, data center, and many others. No one can use the internet or
private network on the premises. An organization always implements cybersecurity systems and experts
to secure data and other things (Arlitsch & Edelman, 2014).

Cybersecurity Training 2
Use of critical electronic devices
There should be proper policies for use of own devices in the organization to secure all the data
from hackers. In addition, business is based on information assets. Therefore, the company should
secure them from different types of cyber-attacks (Callaghan, 2018). The organization should implement
firewalls and IDS/IPS system to secure internal and external devices from attackers. There are various
certification courses in the market, which are helpful for employees to secure their information assets
from cyber-attacks (DeGroat, 2018).
Handling of critical information
The organization should have a disaster management plan for business continuity. Hence, the
organization must maintain a backup of all the data in a data center, which is outside of the
organization. Sometimes, employees are not satisfied with the salary, incentives, and seniors. Therefore,
they make some mistakes in the electronic devices and communication network.
Action plans
The organization should have an action plan to recover critical electronic devices and
communication networks. There are various rule and regulations for securing the information assets of
an organization. In addition, the organization should implement international frameworks for securing
data and information from cyber-attacks, such as ITIL, ISO 27001, TOGAF, and many others.
Behavior of employees
The organization should manage all the activities to reduce risk because of the behavior of
employees towards the organization. Employees can sale the data for their personal benefits, which can
damage the reputation of the organization, as well as financial losses, can be faced by the organization.
References

Cybersecurity Training 3
Andrijcic, E., & Horowitz, B. (2016). A Macro Economic Framework for Evaluation of Cyber Security Risks‐
Related to Protection of Intellectual Property. Risk analysis, 26(4), 907-923.
Arlitsch, K., & Edelman, A. (2014). Staying safe: Cyber security for people and organizations. Journal of
Library Administration, 54(1), 46-56. Retrieved from
https://www.tandfonline.com/doi/abs/10.1080/01930826.2014.893116?journalCode=wjla20
Callaghan, S. (2018, October 29). PIPEDA: What Canadian businesses need to know. Retrieved from CIRA:
https://cira.ca/blog/cybersecurity/pipeda-what-canadian-businesses-need-know
DeGroat, T. (2018). 5 Cybersecurity Certifications That Will Get You Hired. Retrieved May` 31, 2019, from
https://www.springboard.com/blog/cybersecurity-certifications/