Security Awareness

In: Computers and Technology

Submitted By katdylan
Words 2691
Pages 11
Information Security - Security Awareness

Abstract: 3
Security Awareness 4 Regulatory Requirements for Awareness and Training 7
References 13

Abstract:

Information security means protecting information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. A policy can be described as a set of principles intended to manage actions. An Information Security Policy (ISP) is a defined set of principles intended to protect information and information systems by controlling the actions allowed within an organization.

There is not a single off the shelf approach to implement an ISP. The ISP is tailored to the specific organization and defined by the environment of the IS, the classification of the information, governance and compliance laws, and the levels of acceptable risk to the organization.

An IPS has many areas to cover but the most prominent subject matter is risk management. Risk management addresses an organization's assets exposure to environmental risks. Since risk management is continuous and must be reevaluated whenever changes are introduced into the environment or when a breach of the policy has occurred so should the ISP.

Policies must be useable, workable and realistic. In order to truly measure the effectiveness of an ISP measurements or metrics must be defined in order to grade or rate the effectives. ISPs that are not applicable, reviewed or updated can end up simply as “shelfware”. This means that they are designed, printed and stored on a bookshelf. An ISP that is not continually reviewed, measured and maintained is not effective in today’s fast paced and competitive computer age.

Security Awareness

Information is the lifeblood of an organization, and represents a fundamental business asset in today’s…...

Similar Documents

Ergonomics Awareness

...Level of Organization Awareness on the Importance of Ergonomics to Health and Safety at the Workplace Zafirah Ab Muin1 Dr. Maimunah Sapri2 Faculty of Geoinformation and Real Estate Universiti Teknologi Malaysia 81310 UTM Skudai, Johor, Malaysia 1 Email: zafirah.hjabmuin@gmail.com 2 Email: maimunahsapri@utm.my Abstract In Malaysia, ergonomics has been introduced on December 1, 1992 through the establishment of ergonomics division in the National Institute of Occupational Safety and Health (NIOSH); while its provision has been stated under Occupational Safety and Health Act (OSHA) 1994. Although ergonomics has been carrying out by the government almost centuries ago, but it is not widely implemented and practiced in Malaysia. Besides, occupational disease consists of human organs tends to happens mainly due to lack of ergonomics awareness among the people at the workplace. Ergonomics awareness is the first step to implement ergonomics effectively. Without ergonomics awareness, effort to endorse ergonomics practice can be tough and lead to injuries and illness; and directly affects the workers’ productivity, performance and cost. Therefore, this study was attempted to identify the level of organization awareness on the ergonomics provision under OSHA 1994 and to evaluate the level of organization awareness on the importance of ergonomics to health and safety at the workplace in University Teknologi Malaysia (UTM). A quantitative and survey research design was used. 230......

Words: 6791 - Pages: 28

Financial Awareness

...measured based on the relationship between the levels of financial awareness among Islamic Banking students UiTMKotaBharu. Therefore, the needs of awareness on financial planning is vital due to the fact that it will determine on whether the students will have a burden in terms of debt in the future. 1.2 Problem statement Although the Islamic Banking students UiTM Kota Bharu learn the subject regarding the financial but the students still have a low awareness regarding financial planning. On top of that, without having an effective financial planning program, theIslamic Banking students UiTM Kota Bharu will be facing a financial burden in which they will confront in the future. For instance, high level debt, blacklist from the bank, and subsequently, they will undergoes difficulty to borrow a loan from the bank in which to purchase an asset or property. 1.3 Research Objective 1) To find the relationship between the knowledge in personal finance (budgeting capabilities) towards level of awareness in financial planning among Islamic Banking students UiTMKotaBharu. 2) To find the relationship between lifestyle of students (based on spending) towards level of awareness in financial planning among Islamic Banking students UiTMKotaBharu. 3) To find the relationship between studentsbackground in personal finance (based on parent’s profile/ income) towards level of awareness in financial planning among Islamic Banking students......

Words: 8260 - Pages: 34

Employing Information Security Awareness to Minimize over-Exposure of Average Internet User on Social Networks

...International Journal of Scientific and Research Publications, Volume 4, Issue 1, January 2014 ISSN 2250-3153 1 Employing Information Security Awareness to Minimize Over-Exposure of Average Internet User on Social Networks WorawitBinden*, MaheedeenJormae**, ZakariaZain***, Jamaludin Ibrahim**** worawit.inter@gmail.com*, maheedeen@gmail.com**, zakariazain13@gmail.com***, jamal55@gmail.com**** Department of Information Systems, Kulliyyah of Information and Communication Technology, International Islamic University Malaysia ABSTRACT-Use of Online Social Networking Sites (OSNs) has become ubiquitous nowadays. In the era of a million user social networking sites throughout the world, it becomes increasingly difficult for people to control what they are exposing to whom. In this paper we analyze the influence of social media interactivity features on the exposure of personal data of average Internet user and present techniques to implement information security awareness to minimize overexposure on OSNs. Index Terms-Online Social Networking, Information Security Awareness, Social Network Interactivity Features I. INTRODUCTION nformation is vital to communication and a critical resource for performing work in organizations. It is also important to individuals, and therefore the need to proper manage it well, is growing rapidly. Protecting data is as important as protecting cash as it is asset – and requires just as much care and planning. Now more than ever, people need...

Words: 4473 - Pages: 18

Security

...BCIS 4740 Test 1 Study online at quizlet.com/_5lakh 1. Security Physical Security The quality or state of being secure - to be free from danger. To protect physical items, objects, or areas from unauthorized access and misuse. To protect the individual or group of individuals who are authorized to access the organization and its operations. To protect the details of a particular operation or series of activities. To protect communications media, technology, and content. To protect the confidentiality, integrity and availability of information assets, whether in storage, processing, or transmission. It is achieved via the application of policy, education, training, and awareness, and technology. The _____ can be the subject and or object of an attack. A "well-informed sense of assurance that the information risks and controls are in balance. _____ includes information security management, computer security, and network security. _____ is central to all information security efforts A subject or object's ability to use, manipulate, modify, or affect another subject or object. The organizational resource that is being protected. An intentional or unintentional act that can cause damage to or otherwise compromise information and/or the systems that support it. Security mechanisms, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization. A technique used to compromise a system. A......

Words: 3836 - Pages: 16

Customer Awareness

...healthcare services have not been able to live up to the expectations of the people. Private health sector has made impressive strides specially in providing tertiary healthcare, though, it remains expensive and often out of financial reach of older population. However, no attention has been paid either by Government or by healthcare providers towards preventive care, which is especially important for the senior citizens. 3. Health insurance is a vital part of health care financing, yet its penetration in India is woefully inadequate. With low public expenditure on health, households have been burdened with meeting most of their healthcare expenses out of their earnings, savings or borrowings, but often, through disposal of assets. 4. The awareness about and efforts to popularize health insurance have been inadequate. Concerted efforts would need to be made in this direction. 5. While the corporate group health insurance policies enjoy liberal coverage and subsidized pricing, the premium for the individual policy holders especially the senior citizens, are witnessing steep escalation in premium leading to declining affordability. 6. The Committee observed that though there are some insurance products that are technically ‘available’ for senior citizens, in practice it is not easy for them to obtain a health insurance cover. The underwriting practices of insurers are not transparent and there are several complaints of arbitrary loading, denial of renewals and cancellations......

Words: 62829 - Pages: 252

Cultural Awareness

...Cultural Awareness Standing outside waiting for the bus to pick her up for school, Mary Mejie said she remembers the constant teasing of kids taunting her to play kung fu with them as they pulled and tugged on her long jet-black hair. “The kids would speak in some made up language and call me Chinese,” Mary said. Mary’s father is Japanese and her mother is Filipino. “I grew up in the Philippines, but my early schooling was in the city of Baltimore,” Mary noted. Reluctant to admit initially that the teasing came from kids of other cultural backgrounds, Mary later admitted it primarily came from African- American kids. According to an article on the Democrat and Chronicle website, a newspaper in Rochester, N.Y., studies show that children exposed to different cultures at a young age have enhanced social and emotional development. According to the study, children learn about differences and similarities and increase their sense of self. In addition, this understanding prevents aggressive and self-controlling behaviors in children, the study explained and helps them adapt better to a changing environment. Now an adult, Mary says she realizes that, as children in school, they were not taught to understand or care about the differences or similarities of other cultures. “We were just happy to have friends that looked like we did to play with,” Mary noted. As a young adult, Suzette Hampton, an African-American mother of four and...

Words: 1760 - Pages: 8

Self-Awareness

...life | An exciting life | A sense of accomplishment | A world at peace | A world of beauty | Equality | Family security | Freedom | Happiness | Inner harmony | Mature love | National security | Pleasure | Salvation | Self-respect | Social recognition | True friendship | Wisdom | Six of these 18 values (listed by important order) that are most important to me are - Family security - True friendship - Happiness - Social Recognition - A sense of accomplishment - Self-respect A list of 6 values those are least important: - Salvation - An exciting life - A world of peace - A world of beauty - Mature love - National security Part II. Interpretation Paper As I mentioned above, in my point of view, six values which are the most important to my characteristic development and decision making are family security, true friendship, happiness, social recognition, a sense of accomplishment and self-respect. Otherwise, selecting six least important values is a complicated task because the list of 18 values is all what everyone desire to reach. Fortunately, the classification becomes much easier according to which factors I need to consider first to come decisions and how I define “success”. Salvation, an exciting life, a world of peace, a world of beauty, mature love and national security are 6 least critical factors when I have to make decisions. I believe that people’s surroundings create the......

Words: 2427 - Pages: 10

Banking Awareness

...Banking Awareness Study Material Shared by Rajesh Kumar and Bhavya Vadudevan www.Gr8AmbitionZ.com your A to Z competitive exam guide Page 1 Banking Awareness Study Material - powered by Gr8AmbitionZ.com Indian Banking Structure a) b) c) d) e) Central Bank (RBI) Specialised Banks Commercial Banks Development Banks Co-operative Banks Specialised Banks: NABARD: National Bank for Agriculture and Rural Development. This bank is meant for financing the agriculture as well as rural sector. It actually promotes research in agriculture and rural development. EXIM Bank: Export Import Bank of India. This bank gives loans to exporters and importers and also provides valuable information about the international market. If you want to set up a business for exporting products abroad or importing products from foreign countries for sale in our country, EXIM bank can provide you the required support and assistance. SIDBI: Small Industries Development Bank of India. This bank provides loans to set up the smallscale business unit / industry. SIDBI also finances, promotes and develops small-scale industries whereas IDBI (Industrial Development Bank of India) gives loans to big industries. Gr Commercial Banks: Normal banks are known as commercial banks, their main function is to accept deposits from the customer and on the basis of that they grant loans. (Loans could be short-term, mediumterm and long-term loans.) Commercial banks are further classified into three......

Words: 15906 - Pages: 64

Security

...Security Students Name Institutions Name How to resolve a security issue in a situation where the need for security is great but the available funds are limited Community participation is a very important aspect in enhancing security. Through the community’s leaders individuals can be sensitized on the need to protect each other and also help them to create a ‘we’ feeling in the management of the important resources in a region. This will enable the community members to identify with the resources and wealth of a region and hence strive to protect it by all means. Governments and administrative officials should also involve the locals in making of decisions that are of utmost importance to the people’s welfare (Bakari, Magnusson, Tarimo, & Yngström, 2006). The benefits if personnel in security management develop skills as educators for their organization's security Having high skilled employees who are given the potential to grow their expertise is a great benefit to any organization. An organizations success can often be attributed to individual expertise and skills of its employees. The benefits are as follows: 1. Cuts on the costs of hiring external consultants; many organizations spend a lot of money in hiring third party consultants to cover essential tasks within the organization such as periodic network vulnerability scans and developing security programs. The cost of sending employees to the requisite training may be relatively cheaper (McCoy &......

Words: 1066 - Pages: 5

Security

...Security Students Name Institutions Name How to resolve a security issue in a situation where the need for security is great but the available funds are limited Community participation is a very important aspect in enhancing security. Through the community’s leaders individuals can be sensitized on the need to protect each other and also help them to create a ‘we’ feeling in the management of the important resources in a region. This will enable the community members to identify with the resources and wealth of a region and hence strive to protect it by all means. Governments and administrative officials should also involve the locals in making of decisions that are of utmost importance to the people’s welfare (Bakari, Magnusson, Tarimo, & Yngström, 2006). The benefits if personnel in security management develop skills as educators for their organization's security Having high skilled employees who are given the potential to grow their expertise is a great benefit to any organization. An organizations success can often be attributed to individual expertise and skills of its employees. The benefits are as follows: 1. Cuts on the costs of hiring external consultants; many organizations spend a lot of money in hiring third party consultants to cover essential tasks within the organization such as periodic network vulnerability scans and developing security programs. The cost of sending employees to the requisite training may be relatively cheaper (McCoy &......

Words: 1066 - Pages: 5

Security Awareness Training

...Security Awareness Training Jay Phillips GMGT/431 September 14, 2015 Shivie Bhagan Security Awareness Training With the ever increasing use of technology to be more productive and save on materials costs, more and more companies are converting their data electronically. Some data contains customer’s information while other data may contain confidential information about a company and how it operates. Just because data is sitting on a server somewhere in a locked data center or perhaps a company stores all their data in the cloud, it doesn’t necessarily mean that it is safe where it is at. This is why there is a demand for Security Awareness Training. According to Rouse (n.d.), security awareness training is a formal process for educating employees about computer security. Why would educating employees about computer security be so important? There are many different levels of end users and most do not know the first thing about protecting valuable data. Patton Fuller Hospital is an ideal candidate to implement security training with its employees. PFH has multiple sites, including Doctors who connect from home to review patient data. What kind of training should be implemented? General security training should cover topics such as the company’s policies and procedures, who to contact if an employee believes they have identified a security risk or threat, and rules for how to handle confidential information. General security training also has the potential of......

Words: 527 - Pages: 3

Security Awareness Training

...Security Awareness Training Security Awareness Training Paper Patton-Fuller Community Hospital (PFCH) maintains strict confidentiality of their information via four different information systems. Accurate, reliable, and prompt information must be provided to those that need to make decisions based on several predetermine conditions. In a hospital environment, like PFCH, information is predominantly passed via computer systems. Management cannot have the luxury of minimizing the importance of systems security at all levels of their staff. The writer intends to provide a security awareness training plan for PFCH in the following paragraphs (Apollo Group Inc., 2013). Which employees should be trained, why, how, and when? All employees must be trained to protect the confidential information kept in the hospital. That means senior management, employees (regular or temporary), contractors, doctors, nurses, and anyone that has or could gain access to confidential information like partners and volunteers. Information like Personal Identifiable Information (PII), patient records, hospital financial information, staff payroll and personal records, to mention a few, must be protected against physical or electronic attacks. Making all personnel aware of potential threats, vulnerabilities, reporting security breaches and the PFCH security policies deters or makes it difficult for possible data hackers to acquire hospital confidential information (Gregory, 2010). The best......

Words: 607 - Pages: 3

Security

...Department of Commerce An Introduction to Computer Security: The NIST Handbook Special Publication 800-12 User Issues Assurance Contingency Planning I&A Training Personnel Access Controls Audit Planning Risk Management Crypto Physical Security Policy Support & Operations Program Management Threats Table of Contents I. INTRODUCTION AND OVERVIEW Chapter 1 INTRODUCTION 1.1 1.2 1.3 1.4 1.5 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Important Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Legal Foundation for Federal Computer Security Programs . 3 3 4 5 7 Chapter 2 ELEMENTS OF COMPUTER SECURITY 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 Computer Security Supports the Mission of the Organization. 9 Computer Security is an Integral Element of Sound Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Computer Security Should Be Cost-Effective. . . . . . . . . . . . . . . . 11 Computer Security Responsibilities and Accountability Should Be Made Explicit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Systems Owners Have Security Responsibilities Outside Their Own......

Words: 93588 - Pages: 375

Security

...Recruiting and Selecting Quality Security Employees for security job position Contemporary Issues in Security Management Abstract For years, recruitment and hiring methods have been deemed by dated by human resource managers but are realizing that different strategies and methods are need to attract millennials. Hiring qualified personnel has become an essential component in an organization foundation. This paper will explore multiple articles that provide techniques on how to recruitment and hire candidates from college graduates, apprentices, and novices to the security profession and presents key components of innovative approaches and traditional human resource techniques, and training policies that will meet any small or large business goal of highly hiring qualified candidates. In addition, it will highlight techniques, practices and, lessons learnt in enhancing a company’s ability to attract, hire, retain, and improve human resource practices, improve human resource development and human resource capabilities in today’s security career field. Keyword: Employees, Hiring, Human Resources (HR), Security Recruiting and Selecting Quality Security Employees in the security field Currently there is a high demand for security professional specializing Cybersecurity, Personnel Security, Physical Security, and Industrial security and many other security jobs. The issue is attracting, hiring, retaining people that......

Words: 3616 - Pages: 15

Security Awareness Proposal

...to for effective communications, and increase security awareness in the organization. Please be sure to create this portion of the final proposal with all elements in mind as you prepare this portion. Final Course Project Proposal (22%) You have been hired as the new protection officer for ESL Inc. ESL Inc. has a large facility over 900 employees can be in at any given time. The organization has core hours from 8 AM to 6 PM but workers arrive at the organization as early as 6 AM and leave as late as 9 PM. The organization has 3 guards that work core hours only, posted at the front entrance to the building. Employees have badges that have their picture and key cards that let them in the building. The security guards open the door and check badges in the event a key card does not work. There is no security to prevent users from getting on the grounds, the front of the organization is off a major highway, and the back of the plant is backs up to acres of undeveloped woods. ESL Inc was just awarded a federal contract and after the site visit they were told they would lose the lucrative contract if they did not make their organization secure. As the new protection officer, you are to create a comprehensive proposal to make the facility secure which includes the following elements: * New adequate security staffing levels and shifts * Effective plan to increase communications * Plan to raise security awareness in the organization * Automation......

Words: 368 - Pages: 2

A Family for the Holidays | Paranormal Activity The Marked Ones 2014 EXTENDED | Smart Grids