Security awareness programs, writing assignment help




Critique needed:

Security awareness programs are designed to educate users on the security
policy of an organization. The goals for a security awareness program should
include not only education about the organization’s security policy but
should also help to foster an understanding of how the policy protects the
business, the employee, and customers (Johnston, 2001). In today’s
business environment, data security and the assurance of data resources are
crucial to the long-term success of all organizations; data is an
indispensable business resource. Information technology (IT) systems
connect every internal department, and also connect the organization
with myriad suppliers, partners, customers, citizens and others (City of
Winnipeg, 2008).

Red Clay Renovations will hire an IT Security Consulting firm to
conduct the assessment of Red Clay Renovations' Information Security
Awareness policies. This audit is important for assessing the
awareness of management and staff regarding Red Clay Renovations' IT
Security policies; for assessing the understanding of management and staff
relating to Red Clay Renovations' IT Security policies; and for recognizing
the strategic improvement opportunities when the audit is
conducted.

This audit will be conducted at each individual field office and the
operations center. The IT Security Consulting firm will work with the
Chief Information Security Officer (CISO) and the Field Office Information
Systems Security Officers (ISSOs) to determine the scope of the audit.
Factors to consider include the site business plan, the type of data
being protected and the value/importance of that data to the client
organization, previous security incidents, the time available to
complete the audit and the talent/expertise of the auditors. This will
help each of the ISSOs by ensuring that the scope of the audit is clearly
defined, understood and agreed to by Red Clay Renovations.

Once the scope is understood, the auditors will develop a plan. It
will cover how the audit will be executed, with which employees, and with
which specific tools. After the plan has been developed, the auditors will
discuss the objective with Red Clay Renovations and the site
ISSOs and go over the specific points of interest, such as the time of
the audit, which site staff might be included, and how the review will
influence day-to-day operations. During the audit, the auditors will collect
data about the physical security of computer assets and perform interviews
of site staff. Auditors may perform network vulnerability
assessments, operating system and application security assessments,
access controls assessment, and other evaluations (Hayes, 2003).

After completion of the employee awareness audit, the IT security
firm will have the auditors ready to guide the audited site staff in
correcting deficiencies and to help measure the success of these efforts
(Hayes, 2013). The CISO and ISSOs will continually monitor the
deficiencies turned up by the audit until they are completely
corrected. Awareness is something that employees need to have and would
usually be part of the initial job orientation/induction. For some
activities, it won’t be obvious how they affect the customer and quality
management, or how they affect safety or the environment (Quality Systems
Toolbox, n.d.). Having an outline of procedures (e.g. a procedure guide)
and top-level process documentation can characterize where activities
fit. Because roles and responsibilities change over the course of time and
employees develop new aptitudes, Red Clay Renovations will conduct the
audit annually to eliminate risks.

References:

City of Winnipeg. (2008). Assessment of Information Security
Awareness (1st ed., pp. 5-9). Winnipeg: City of Winnipeg. Retrieved from
http://www.winnipeg.ca/audit/pdfs/reports/ITSecurityAwareness.pdf

Hayes, B. (2003). Conducting a security audit: An introductory
overview. Retrieved 11 October 2016, from
http://www.symantec.com/connect/articles/conducting-security-audit-introductory-overview

Johnston, M. (2001). Security Awareness Training and Privacy (1st
ed., pp. 2-4). SANS Institute. Retrieved 11 October 2016, from
https://www.sans.org/reading-room/whitepapers/awareness/security-awareness-training-privacy-394

Quality Systems Toolbox. (n.d.). ISO 9001 Quality Systems Toolbox –
Training, Awareness, and Competence. ISO 9001 Quality Systems Toolbox.
Retrieved 11 October 2016, from
http://www.qualitysystems.com/support/pages/training-awareness-and-competence
