
Security Awareness Essay

2691 words - 11 pages

Information Security - Security Awareness

Abstract
Security Awareness
Regulatory Requirements for Awareness and Training
References


Information security means protecting information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. A policy can be described as a set of principles intended to manage actions. An Information Security Policy (ISP) is a defined set of principles intended to protect information and information systems by controlling the actions allowed within an organization.

There is not a single off-the-shelf approach to implement ...

Consequently, while the organizational security strategy sets the scope and definitions of the overall security posture, a Security Awareness Program is the targeted effort that brings those concepts and directives to life in the day-to-day operations of the company and, specifically, of its employees. The protection of this information is at the heart of an organization's information security program. A security awareness program is an essential component of an organization's overall security strategy; it is the human knowledge and behaviors that the organization relies on to protect against information security risks. The awareness level of an employee is a significant part of a comprehensive security posture because many of the vulnerabilities an organization must address depend on human intervention. Education and empowerment of the workforce through policies, procedures and training fortify the layers of the defense strategy referred to as Defense in Depth. A Defense in Depth strategy involves a balanced focus on three primary elements: People, Technology and Operations. Awareness, not just technology, is a key factor in an organization's goal to improve governance, protect assets through education and empowerment, and reduce risk.

Many organizations find themselves creating a security awareness program in response to legal or regulatory requirements concerning data protection. Certain regulations are very specific about the requirements for security awareness and training. Other regulations simply require safeguards that are appropriate and applicable to the size and type of organization and the desired security posture. In such cases, agencies responsible for regulatory enforcement and internal or external auditors must rely on industry-accepted best practices or frameworks for guidance. Control Objectives for Information Technology (COBIT®) is one of the popular best-practice frameworks, alongside others such as ISO/IEC 17799:2005 (now ISO 27002) and the Organization for Economic Co-operation and Development (OECD) Privacy Principles. COBIT provides managers, auditors, and information technology users with a set of generally accepted measures, indicators, processes and best practices to help them take full advantage of the benefits derived from the use of information technology and develop appropriate information technology governance and control in an organization. This methodology is not new to the industry: although repealed by the Federal Information Security Management Act of 2002 ("FISMA", 44 U.S.C. § 3541, et seq.), the United States Computer Security Act of 1987 (Pub. L. No. 100-235, 101 Stat. 1724, 1987) required that "Each agency shall provide for the mandatory periodic training in computer security awareness and accepted computer practices of all employees who are involved with the management, use, or operation of each federal computer system within or under the supervision of that agency."...
