This week we learned about security culture and how to promote it within organizations. It?s important that
This week we learned about security culture and how to promote it within organizations.
It’s important that all employees are aware of common security risks and treat security seriously. The majority of cyberattacks aim to exploit human weaknesses with methods like phishing.
For this reason, people are most often the weakest link in an organization’s security defenses.
Scenario
- Employees at SilverCorp are increasingly using their own personal devices for company work.
- Specifically, over half of all employees check their work email and communications via Slack on their personal mobile phones.
- Another 25% of employees are doing other work-related activities using work accounts and work-related applications on their personal phone.
- Allowing sensitive work information to be shared on employees’ personal devices has a number of security implications.
- You must research these security risks and use the security culture framework to develop a plan to mitigate the concerns.
Instructions
Compose the answers to the following four steps on Word Document.
Step 1: Measure and Set Goals
Answer the following questions:
- Using outside research, indicate the potential security risks of allowing employees to access work information on their personal devices. Identify at least three potential attacks that can be carried out.
- Based on the above scenario, what is the preferred employee behavior?
- For example, if employees were downloading suspicious email attachments, the preferred behavior would be that employees only download attachments from trusted sources.
- What methods would you use to measure how often employees are currently not behaving according to the preferred behavior?
- For example, conduct a survey to see how often people download email attachments from unknown senders.
- What is the goal that you would like the organization to reach regarding this behavior?
- For example, to have less than 5% of employees downloading suspicious email attachments.
Step 2: Involve the Right People
Now that you have a goal in mind, who needs to be involved?
- Indicate at least five employees or departments that need to be involved. For each person or department, indicate in 2-3 sentences what their role and responsibilities will be.
Step 3: Training Plan
Training is part of any security culture framework plan. How will you train your employees on this security concern? In one page, indicate the following:
- How frequently will you run training? What format will it take? (i.e. in-person, online, a combination of both)
- What topics will you cover in your training and why? (This should be the bulk of the deliverable.)
- After you’ve run your training, how will you measure its effectiveness?
This portion will require additional outside research on the topic so that you can lay out a clear and thorough training agenda.
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.