Employees Security Awareness and Training Based on ISO Standards (Research Paper Sample)

Instructions:

It was research-based; I had to research as per the questions.

Content:
EMPLOYEES SECURITY AWARENESS AND TRAINING BASED ON ISO 27001 STANDARDS
INTRODUCTION
Creating an information security awareness and training program is not a simple task; it is often challenging (Al-Hamdani, 2006). However, providing employees with the security awareness training they need, and ensuring they understand and follow the requirements, is an important component of an organization's business success.
If personnel do not know or understand how to maintain confidential information, or how to secure it appropriately, the organization not only risks having one of its most valuable assets mishandled or obtained by unauthorized people, but also risks noncompliance with a growing number of laws and regulations that require certain types of information security awareness or training (JCB, 2006).
A firm's security policy or strategy only works well if employees are properly trained on it. Therefore, the importance of providing information security awareness training cannot be overstated (Brodie, 2008). Before discussing the importance of this awareness, note that the goal of an awareness program is not merely to educate employees on potential security threats that may arise and what they are supposed to do to prevent them. The larger goal should be to change the culture of the organization to focus on the importance of security and to get buy-in from end users, who serve as an added layer of defense against any security threat.
The main focus should be to ensure that employees get the information they need to secure the business. An effective security awareness program should run across all departments of a firm, providing the necessary education on specific threat types (Kaur, 2001). Another important area to address is password construction.
This seems minor, but it is not. Password cracking is easy for advanced hackers, and the password construction step that users take every day makes a significant difference in protecting a firm's sensitive information.
1.1 Importance of information security awareness programs.
The best way to make sure a company's employees do not make costly information security errors is to institute broad security awareness training programs, which may include hints by personal email and promotional posters (Al-Hamdani, 2006). This awareness is important for the following reasons:
Customer trust and satisfaction - Respect for customer security and privacy is an important issue facing most firms and companies. Every day one wakes to headlines about the breached private information of particular individuals. Everyone wants to know what companies and firms are doing to safeguard the personal identities of their customers. For example, customers tend to open accounts at banks where they feel their information will be kept private between the two parties and no third party will gain access to it (Brodie, 2008).
Protect sensitive information - Every organization or company has sensitive information that is not to be disclosed to unauthorized personnel, which may include specific employees in the firm. For example, a company has competitors, and each tries to obtain the other's sensitive information in order to beat it. They even send employees to competitor companies to act as spies and try to get hold of the information (JCB, 2006).
Due diligence - This is demonstrated assurance that the management of a particular firm is ensuring adequate protection of corporate assets, such as information, and compliance with legal obligations. Examples of this are the federal sentencing guidelines and recent amendments that establish compliance programs and exercise due diligence.
Accountability - Everyone understands that if their performance is being measured, they will perform effectively, since these measures can affect their careers within the firm or company (Hinson, 2003). For example, if a firm starts a security and privacy compliance program and connects it to its employees' performance, then everyone will be accountable to the rules and comply with them.
1.2 Impact of user awareness and training on a company's information security
Any awareness or training effort has consequences. Some impacts that always emerge from the training include:
Employees develop a tendency to comply with the company's information security policies. This is a crucial plus for any management. Once the awareness program is carried out within the organization and understood by employees, they comply very well with the policies involved (JCB, 2006).
Weak password usage also decreases. Employees who used simple password constructions, which are prone to hacking, start to use complex passwords that provide a high level of security control. This is also a milestone for the company or organization.
There is growth in participation in the information security controls and mechanisms that are included in the awareness components (Alageel, 2003). The fear that employees had concerning security now becomes a topic of conversation among them.
The points of importance discussed above may also act as impacts after a successful information security awareness program.
1.3 Human resource security.
Here we discuss some of the procedures followed to make human resource security a success. They include: objectives, roles, screening, terms and conditions of employment, information security awareness education, disciplinary process, termination responsibilities, return of assets, and removal of access rights (Alageel, 2003).
The objective should be to reduce the risk of theft, fraud or misuse of information facilities by employees or a third party involved.
Security roles and responsibilities should be defined and documented in accordance with the organization's privacy and security policies (Hinson, 2003). These roles and responsibilities include:
Reassignment of responsibilities to particular individuals for actions to be taken where applicable and with appropriate sanctions.
To report any security events, or any other risk within the organization and its assets.
To protect all information assets from unauthorized access, use, modification, any disclosure or destruction.
The last is the requirement to act in accordance with the organization's policies and to execute all processes or activities allocated to the individual (Alageel, 2003).
Screening
There should be appropriate screening of all candidates and third parties, carried out by the organization. The process takes into account all privacy, protection of personal data and any other related employment registration. Components like identity verification, curriculum verification and criminal records checks should take place (JCB, 2006). The classification of the information facilities to be accessed, and the risks that might be involved, should also be taken into account.
Terms and conditions for employment
Any employee or third party should agree to and sign a statement of rights and responsibilities as per the organization's requirements, including respect for information privacy and security. This may include the scope of access and other privileges the person will have with respect to the organization's information processing facilities, and the procedure for handling sensitive information.
Information security awareness education
Any employee or third party should receive relevant awareness training and regular updates on the organizational policies and procedures relevant to each job function. The training should start with a formal induction process designed around the organization's security policies and expectations, before any access to information is granted (Hinson, 2003). The training should cover all security requirements, legal responsibilities and business controls, as well as the correct use of information processing facilities.
Disciplinary process
There should be a formal disciplinary process for all employees who have committed a security breach. This can include requirements such as appropriate standards for initiating investigations and disciplinary proceedings that observe reasonable process requirements, including specification of roles and responsibilities and standards for collecting evidence.
Termination responsibilities
Responsibilities for termination or change of employment should be clearly defined and assigned. They should include a termination process that ensures removal of access to all information resources, and a process that ensures the appropriate parties are informed of the person's changed status (Hinson, 2003).
Return of assets
After termination, employees or third parties should return all of the organization's or firm's information and physical assets in their possession. This includes the return of the organization's hardware, software and data media, or the formal return or destruction of any data that concerns the organization (Brodie, 2008).
Removal of access rights
Upon termination, access rights to information and information processing facilities should be terminated too. This prevents any further access to information about the organization.
1.4 Planning and implementing the program.
People are termed the weakest link in an information security program. Either through intentional or accidental misuse...