
Security awareness plan Federal infosec standards and regulations robert chubbuck / uat

Security awareness plan Federal infosec standards and regulations robert chubbuck / uat. Ryan Haidinger – 6/3/2012. Overview. This security awareness plan overview will document key information in order to create and execute successfully within a small business community.


Presentation Transcript


  1. Security awareness plan: Federal infosec standards and regulations. Robert Chubbuck / UAT. Ryan Haidinger – 6/3/2012

  2. Overview
     • This security awareness plan overview documents the key information needed to create and execute the plan successfully within a small business community.
     • It is important to remember that success requires a team effort. Employees should want to work together to prevent security issues from occurring.

  3. Key Elements
     • There are various elements of a security awareness plan that must be taken into consideration before conceptualizing it.
       1. Senior / executive management must both support and encourage employees to meet the security objectives of this new plan.
       2. Identification of the team members who will be responsible for properly implementing the security plan for the company.
       3. The Security Awareness Plan must be properly documented and presented to users in a way that reinforces the idea through a series of presentations and community focus activities.
       4. Proper training must be administered by department managers to employees who have questions or concerns regarding the document.

  4. Primary Questions
     • The following is a list of questions that need to be answered before creating the security awareness plan.
       1. How will the security plan be implemented in the company, and at what capacity?
       2. Does the security awareness plan account for visitors and new, yet known, people at the office?
       3. Are training scenarios already in place to deal with new security updates, or is security training an unknown concept at the office?
       4. What is the resource (time and cost) budget for the full implementation?
       5. Is it possible to implement a section of this plan, and then update it as time progresses? (Good for companies on a budget.)

  5. Company Issues
     • The following is a list of issues that this plan hopes to resolve once fully implemented within the company.
       1. Company network at risk of virus / Trojan attack due to public access by employee computers.
       2. Private information being downloaded and taken away from the office (via media device).
       3. Increase the security of all employee passwords.
       4. Increase training for all employees on security issues so they can spot possible fraudulent / risk situations.
       5. Increase the number of security policies currently in use, and rework current policies to be more in tune with our new system.

  6. Benefits and Drawbacks
     • There are a few benefits and drawbacks that need to be considered before going through with a plan such as this.
     • Pros
       1. Training employees on new security mechanisms has the possibility of saving the company tens of thousands of dollars in risk situations.
       2. Increase the overall security of the company by implementing strict policies and enforcing password authentication security.
       3. Stop non-employee users from accessing the corporate network and potentially risking the flow of private information to outside of the office.
       4. Limit the use of personal media devices, which could be used to take information outside of the office.
     • Cons
       1. If the company does not have a security team currently in place, then it may prove difficult to set up all of these new security adjustments. In that case, a company might hire a contracted consultant.
       2. Employee training time can be generalized, but might have to be extended for users who are unfamiliar with technology or security products.
       3. Implementing each feature will take considerable time resources away from other projects, in addition to an actual monetary figure for implementation.
