Purchase Solution

Security Education and Training Awareness Programs

Not what you're looking for?

Ask Custom Question

I am tasked to help develop a security and training awareness program for my small-to-medium organization (see scenario below).

------------------------

"The Business Organisation is an information holdings with about 600 staff. A recent audit of the organisation's information security management system found it to be deficient in some key areas, notably incident response, disaster recovery and business continuity, social engineering exploitation of personnel, an apparent lack of personnel awareness of the various threats to information, and poor password security. Technical systems were found to be reasonably effective in maintaining database and document management security, and were well serviced by the IT team"

The proposed plan should include:
1. Objectives
2. Topics to be covered
3. Level of learning (knowledge, skill or competence)
4. Recommended Instructional methods and media to use/support
5. Example of learning activities and exercises
6. Evaluation criteria

Some theory sources:
http://www.sans.org/reading_room/whitepapers/awareness/developing-integrated-security-training-awareness-education-program_1160

http://www.itl.nist.gov/lab/bulletns/bltnoct03.htm

http://www.wyoming.gov/pdf/Template_AwarenessPlan.pdf

? The plan should be based on real commercial security education techniques, and your best knowledge and expertise in security education.

? Answers should not be theoretical definitions

? As far as possible, please avoid too much word-quoting from sources. Minor citation allowed

? Any citation must be from credible sources.

Attachments
Purchase this Solution
Solution Summary

Security educations and training awareness programs are examined.

Solution Preview

Security Awareness, Training, and Education Plan
1. Objectives
Since XYZ is an information holding organization the need for security awareness and training and education is critical in successful business operations. The objective of security awareness program is to focus on employees to maintain the confidentiality, integrity, and availability of information assets.
The objective of security awareness training is to promote employee understanding that the management of the company supports the security program.
The overall objective of this program would be to create an ongoing security awareness program which includes continuous training, communication and reinforcement.
2. Topics to be covered
The topics to be covered under the security plan include:
 Incident Response plans (IRPs), Disaster Recovery Plans (DRPs), and Business Continuity Plans (BCPs): Given the complexity of business systems, incident response has become very critical for organizations. An organization is at a high risk if it is not able to respond efficiently to incidents, especially to incidents in which critical resources are exposed. Primary functions of the above plans are:
• IRP focuses on immediate attack. If the attack escalates, the process changes to DRP and BCP
• DRP focuses on restoring systems after attack has occurred. It works in association with BCP
• BCP works in conjunction with DRP when damage is of large magnitude which requires more than simple restoration of information and information resources

 Social engineering exploitation of personnel: Social engineering is the most common and the easiest method of maneuvering around security obstacles. Such networks extract information without raising suspicion. The technology based social engineering exploitation makes users into believing that they are interacting with real application or system to extract confidential information. Common technical attacks are phishing, Spam mails, Popup window, etc.

 Awareness of various threats to information: There are many information security threats that are important for employees to know in order to protect the sensitive information of the company. Most common information threats are:
• Unauthorized Access: This is the successful access of information without permission
• Cyber Espionage: It involves hacking of company to obtain sensitive information
• Malware: A term used for malicious software such as viruses, worms, and Trojans designed to infiltrate systems and information for criminal activities or destruction purposes.
• Phishing: A form of social engineering which involves sending emails which look legitimate aimed at fraudulently extracting information from recipients.
• Spam: Unsolicited emails send to mass to spread ...

Purchase this Solution
Free BrainMass Quizzes
Change and Resistance within Organizations

This quiz intended to help students understand change and resistance in organizations

Operations Management

This quiz tests a student's knowledge about Operations Management

Writing Business Plans

This quiz will test your understanding of how to write good business plans, the usual components of a good plan, purposes, terms, and writing style tips.

Basics of corporate finance

These questions will test you on your knowledge of finance.

Managing the Older Worker

This quiz will let you know some of the basics of dealing with older workers. This is increasingly important for managers and human resource workers as many countries are facing an increase in older people in the workforce

View More Free Quizzes
Related BrainMass Solutions

  • Protection from Cybersecurity Threats

    Foster adequate training and education programs to support the nations cyber security needs. " "3. Increase the efficiency of existing federal cyber security training programs." "4.

  • Information security regimes in small-to-medium enterprises

    Security training and Education The purpose of information security training is to create awareness among users of potential risks of breaching information security.

  • Important of information security in organizations

    In any organization, introducing information security procedures, policies or awareness training creates awareness among enterprises for the potential risks of breaching information security.

  • How training and education needs are determined

    465130 How training and education needs are determined Appropriate pre-service and in-service career education and training are essential for security personnel. How are training and education needs determined?

  • Information Security Policies / Contingency Planning

    In particular, the solution describes how an organization institutionalizes policies, standards, and practices using education, training, and awareness.

  • Tactical Plan

    , and Use * IT Policies * Mobile, Wireless Computing * Web Development, Environments * Money www.umaryland.edu/cits Technology Security * Action Items: o To heighten security awareness and education

  • Booz Allen Hamilton Training Programs

    Booz Allen Hamilton also sends its employees to Polytechnic Institute of New York University to be trained in further education through online course in "bioinformatics; cyber security; organizational behavior; and computer, electrical, industrial, and

  • Management for Business/Education Developed

    How would a global online training environment support security? A global online training can provide online competency-based education and training programs and customized support services leading to individual and community accreditation.

  • Federal Appropriations

    government expenditures which will have the greatest impact on national economy during the upcoming budget year are National defense, transportation, education training employment and social services, and social security.

View More Related Solutions