Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
Sequential Label and Supply
nist sp 800-50, "Building an Information Technology Security Awareness and Training Program" Also, informally through emails and company bulletins, the importance of good IT best practices and precautions should reinforced
Sequential Label and Supply
After a recent failure of the computer systems at Sequential Label and Supply, it has become clear that current security provisions are inadequate
The IT security team is under-funded and understaffed
There is a lack of respect for the IT team
Problems are dealt with as they present themselves rather than are anticipated and prevented
Agency IT security policy
At present, there is no formal security policy and problems tend to be addressed on an ad hoc basis. For example, when a disc brought in by an employee infected all of the computers with a virus, the ability to use such software was disabled: no fundamental reforms were made
Awareness
There is a need to create a consistent, coherent security policy for the entire company, in all roles
Objectives include employee education and the development of a comprehensive security program to insure all employees act responsibly in regards to IT
Recent attacks to the company have placed it on high alert, although there remains a demonstrated reluctance to invest in IT security
Review and updating of materials and methods is required ASAP, as is a company-wide meeting on the topic of security; however training and education of all employees must be integrated into the regular schedule and standard operating processes of the company
Training-education
Role 1: Executives and managers
Learning Objectives
Both executives and managers must understand that IT security is not something that can be confined to the IT staff alone, but must be a pervasive, company-wide effort
Focus Areas
Evaluating priority areas using cost-benefit analysis
Methods/Activities
Evaluation Criteria
Performance can be regularly monitored in regards to IT use to ensure employees are following protocols as well as are meeting the criteria for their job performance (such as a receptionist 'closing' a call swiftly)
Regular questionnaires to evaluate knowledge of staff on IT security
Role 2: IT security staff
Learning Objectives
To create a holistic security plan for the organization which still allows the organization to function effectively
Focus Areas
Instead of 'fixing' problems after they occur, preventative maintenance must be better integrated into the company's standard operating procedures
Methods/Activities
IT staff must monitor and track 'regular' computer activities to compare them against suspicious patterns of use (such as late-night logging in)
Regular simulations of possible attack strategies are required to ensure that defensive strategies stay ahead of the hackers
Schedule
System-wide evaluations should be conducted on a regular basis (for example, every fortnight)
Company-wide meetings to educate all employees on IT-related matters are needed, as…
References
Whitman, M. & Mattord, H. (2005). Readings and cases in the management of information security. Cengage.
Wilson, M & Hash, J. (2003). Building an information technology security awareness and training program. NIST. Retrieved from:
http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf
To offer an information security awareness training curriculum framework to promote consistency across government (15). Security awareness is needed to ensure the overall security of the information infrastructure. Security awareness programs is the can help organizations communicate their security information policies, as well as tips for users, to help keep systems secure, and the practices the entire organization should be utilizing. However, as Kolb and Abdullah reiterate, "security awareness is not