CIS 493 Bellevue University Implementation of Security Awareness Training Discussion


Description

Using your enterprise security plan proposal as a guide, think about an organizational plan for security awareness training for your chosen organization. One of the best ways to make sure company employees do not make costly information security errors is to institute company-wide security awareness training initiatives that include, but are not limited to, classroom-style training sessions, security awareness websites, helpful hints via e-mail, or even posters. These methods help ensure employees have a solid understanding of company security policy, procedures, and best practices.

For this part of your term project, your training plan should be presented as a single-page poster describing the security awareness training implemented at your chosen company. Information security training posters keep employees thinking about the threats they face. This is your chance to get creative! State the dates and times of the security awareness training, and give a reason why the training is necessary by displaying a security issue on the poster.

Unformatted Attachment Preview

Running head: ENTERPRISE SECURITY PROPOSAL

Enterprise Security Proposal
Name
Course
Tutor
Date

Introduction

Many organizations consider information security their number one concern. In the last five years, CIOs of many large companies have explained why information security now takes the top slot among organizational concerns. Several companies' business models rely heavily on capturing, mining, analyzing, sharing, and storing data, and weak security in data management can cause losses large enough to threaten an organization's viability as a going concern.

Internally, IT departments are often challenged with dividing and distributing information security responsibilities across the organization. An enterprise comprises many departments undertaking related or unrelated activities, and such settings make rolling out a comprehensive enterprise-wide security plan complex. Not all departments will agree while implementing their respective policies; it is characteristic of departments to compete in terms of interests. If the division and distribution of information security responsibilities is not handled properly, it can create problems instead of addressing them.

Proposed Plan

Assurant is a U.S.-based global provider of risk management products and services. Headquartered in New York City, the company was founded in 1892 and now controls 0.9% of the insurance market share. Assurant currently has a presence in more than 100 countries, with $5.6 billion in direct premiums written. Over the years, the company has had a history of information security challenges, the most memorable incident being the massive data theft that occurred in 2018. Recent information security-related complaints from the organization show that the security of the company's entire IT infrastructure has never been addressed. For this reason, we propose a comprehensive enterprise security plan for the company.

Establish a Security Oversight Board

Several strategies can be used to develop a comprehensive enterprise-wide security plan. This proposal suggests a strategy that places a security oversight board at the helm of all information security-related matters. The board is composed of management representatives from the corporate functional office and from all of the organization's business units. Under the board sits an information security committee whose responsibility is to divide and distribute information security responsibilities among the organization's departments as the need demands. As an oversight body, the board can choose to be involved in the day-to-day information security activities of the organization or to supervise the committee's activities.

Assignment of Responsibilities to Governance Categories

Education, Training, and Awareness

Under the supervision of the board, the committee will ensure that all governance categories of IT information security are assigned responsibilities and are periodically updated as required by the policies already laid down. For instance, the committee will conduct periodic training and awareness sessions for the organization's employees, especially those exposed to critical organizational data and systems (Multi-dimensional enterprise-wide security: An action plan, 2020). Because information technology changes constantly, the committee must conduct education, training, and awareness exercises every six months (infosec.gov.hk, 2020). This will expose the organization's employees and other system users to the latest information security updates.

Regulatory and Legal Requirements

Another governance category the committee will handle, also under the board's close supervision, is compliance with industry regulations and with the standards laid out by the professional organizations concerned with enterprise information security. Compliance with legal requirements will also be necessary.

Audit and Validation

Another governance category the committee will undertake is the audit and validation of the company's systems and protection mechanisms. This will include penetration tests, configuration reviews, and controls validation; moving all point-in-time validation procedures to continuous validation; and, finally, automating security system validation.

Policies, Procedures, and Standards

The final governance category is policies, procedures, and standards. The implementation committee will review the existing policies and recommend necessary changes. Policies are the operating principles an organization uses; common information security policies the committee will enforce include password policies and company document-handling policies. Procedures are step-by-step outlines of how things are done; in the organization, the committee will issue or enforce the procedure for system user authentication. Standards are the rules and controls the committee will rely on while enforcing the above policies. For instance, ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization (Tricomi, 2020).

Other Core Security Dimensions

Another important area to which the security committee will assign responsibilities is the core security dimensions. These are the other important elements of any information security plan: the end users (organization employees), business partners, organization customers, and suppliers. The committee will define their roles and scope as far as security management is concerned.

Conclusion

The adoption of this proposal is subject to the review and approval of the organization's administrative management. It provides a clear picture of how the company, Assurant, can manage its information security going forward.

References

infosec.gov.hk. (2020). Infosec: IT Security Standards and Best Practices. Retrieved 11 September 2020, from https://www.infosec.gov.hk/en/useful-resources/it-securitystandards-and-best-practices

Multi-dimensional enterprise-wide security: An action plan. (2020). Retrieved 11 September 2020, from https://searchsecurity.techtarget.com/feature/Multi-dimensional-enterprisewide-security-An-action-plan

Tricomi, K. (2020). Policies, Procedures, and Standards. BPMInstitute.org. Retrieved 11 September 2020, from https://www.bpminstitute.org/resources/articles/policiesprocedures-and-standards

Explanation & Answer

Here you go. In case of any further inputs, please let me know! It was good working with you! 👋 Thanks for using Studypool. Take care and good luck! All the best.


Running Head: SECURITY PROPOSAL

Enterprise Security Proposal
Name
Course
Tutor
Date


Enterprise Security Proposal
Security Awareness Training
Security awareness training refers to a training program that focuses on increasing
security awareness among employees in the organization. Essentially, the training aspects of an
effective security awareness plan need...
