Login Signup
Verified Document

Nist SP 800 50 Building An Information Technology Security Awareness And Training Program Term Paper

Related Topics:
Program Evaluation Information Technology Team Building Training
Open Document Cite Document

Sequential Label and Supply nist sp 800-50, "Building an Information Technology Security Awareness and Training Program"

Sequential Label and Supply

After a recent failure of the computer systems at Sequential Label and Supply, it has become clear that current security provisions are inadequate

The IT security team is under-funded and understaffed

There is a lack of respect for the IT team

Problems are dealt with as they present themselves rather than are anticipated and prevented

Agency IT security policy

At present, there is no formal security policy and problems tend to be addressed on an ad hoc basis. For example, when a disc brought in by an employee infected all of the computers with a virus, the ability to use such software was disabled: no fundamental reforms were made

Awareness

There is a need to create a consistent, coherent security policy for the entire company, in all roles

Objectives include employee education and the development of a comprehensive security program to insure all employees act responsibly in regards to IT

Recent attacks to the company have placed it on high alert, although there remains a demonstrated reluctance to invest in IT security

Review and updating of materials and methods is required ASAP, as is a company-wide meeting on the topic of security; however training and education of all employees must be integrated into the regular schedule and standard operating processes of the company

Training-education

Role 1: Executives and managers

Learning Objectives

Both executives and managers must understand that IT security is not something that can be confined to the IT staff alone, but must be a pervasive, company-wide effort

Focus Areas

Evaluating priority areas using cost-benefit analysis

Methods/Activities

Parts of this document are hidden

View Full Document
svg-one

Also, informally through emails and company bulletins, the importance of good IT best practices and precautions should reinforced
Evaluation Criteria

Performance can be regularly monitored in regards to IT use to ensure employees are following protocols as well as are meeting the criteria for their job performance (such as a receptionist 'closing' a call swiftly)

Regular questionnaires to evaluate knowledge of staff on IT security

Role 2: IT security staff

Learning Objectives

To create a holistic security plan for the organization which still allows the organization to function effectively

Focus Areas

Instead of 'fixing' problems after they occur, preventative maintenance must be better integrated into the company's standard operating procedures

Methods/Activities

IT staff must monitor and track 'regular' computer activities to compare them against suspicious patterns of use (such as late-night logging in)

Regular simulations of possible attack strategies are required to ensure that defensive strategies stay ahead of the hackers

Schedule

System-wide evaluations should be conducted on a regular basis (for example, every fortnight)

Company-wide meetings to educate all employees on IT-related matters are needed, as…

Continue Reading...
Sources used in this document:
References

Whitman, M. & Mattord, H. (2005). Readings and cases in the management of information security. Cengage.

Wilson, M & Hash, J. (2003). Building an information technology security awareness and training program. NIST. Retrieved from:

http://csrc.nist.gov/publications/nistpubs/800-50/NIST-SP800-50.pdf
Cite this Document:
Copy Bibliography Citation

Related Documents

Essay
Security Awareness the Weakest Link
Words: 8202 Length: 30 Document Type: Case Study

To offer an information security awareness training curriculum framework to promote consistency across government (15). Security awareness is needed to ensure the overall security of the information infrastructure. Security awareness programs is the can help organizations communicate their security information policies, as well as tips for users, to help keep systems secure, and the practices the entire organization should be utilizing. However, as Kolb and Abdullah reiterate, "security awareness is not

Read More

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now