Information Security Systems Response Assignment
In the current digital world, security is the most important aspect for an organization or individual. As the number of cyber-attacks is increasing day by day, Security Awareness Training (SAT) is a top priority for all companies.
The SAT provides a great way to educate employees and keep the organization’s security policy fresh in their minds. There are different stages involved in this process.
Forming Security Team: This is the first step in developing the guidelines, policies, and delivery. Having a specialized team is a great advantage in ensuring the success of the SAT program. The team size will depend on the organization’s needs and culture.
Determine Roles: The organization can provide training to personnel at the appropriate levels based on their roles. The idea is to help organizations deliver the right training to the right people. Every organization has different teams, and not all of them require the same training. For example, the network team requires more training on security, but the business team or testing team may not. So, it’s very important to provide SAT based on the role. A manager requires different SAT training than a team member.
General Security Training: All personnel
Intermediate Security Training: Managers, Some Specialized Roles
In-Depth Security Training: Specialized Roles, Higher Management
Passwords: All passwords must contain letters, numbers, capital letters and special characters, and the length should be more than 15 characters. Also, avoid using the first name, last name and month names. All passwords must be changed on a monthly basis.
Clean Desk Policy: It’s always better to implement a clean desk policy. Employees should not list passwords on paper or on the system. It’s always better to memorize a unique password that is easy for you but not for others.
Security Audit: This is one of the most important tasks and needs to be performed quarterly. Based on the audit results, an organization can update its security guidelines and policies.