Security awareness programs, computer science homework help

Critique needed:

Security awareness programs are designed to educate users on the security policy of an organization. The goals of a security awareness program should include not only education about the organization’s security policy but also fostering an understanding of how the policy protects the business, the employee, and customers (Johnston, 2001). In today’s business environment, data security and the assurance of data resources are crucial to the long-term success of all organizations; data is an indispensable business resource. Information technology (IT) systems connect every internal department, and also connect the organization with myriad suppliers, partners, customers, citizens and others (City of Winnipeg, 2008).

Red Clay Renovations will hire an IT security consulting firm to assess Red Clay Renovations' Information Security Awareness policies. The audit will assess the awareness of management and staff regarding Red Clay Renovations' IT security policies, assess the understanding of management and staff relating to those policies, and identify strategic improvement opportunities when the audit is conducted.

This audit will be conducted at each individual field office and the operations center. The IT security consulting firm will work with the Chief Information Security Officer (CISO) and the Field Office Information Systems Security Officers (ISSOs) to determine the scope of the audit. Factors to consider include the site business plan, the type of data being protected and the value/importance of that data to the client organization, previous security incidents, the time available to complete the audit and the talent/expertise of the auditors. This will help each of the ISSOs by ensuring that the scope of the audit is clearly defined, understood and agreed to by Red Clay Renovations.

Once the scope is understood, the auditors will develop a plan. The plan will cover how the audit will be executed, with which employees, and with which specific tools. After the plan has been developed, the auditors will discuss the objective with Red Clay Renovations and go over the points of interest with the site ISSOs, such as the time of the audit, which site staff might be included, and how the review will influence day-to-day operations. During the audit, the auditors will collect data about the physical security of computer assets and interview site staff. Auditors may perform network vulnerability assessments, operating system and application security assessments, access controls assessment, and other evaluations (Hayes, 2003).

After completion of the employee awareness audit, the IT security firm will have the auditors ready to guide the audited site staff in correcting deficiencies and to help measure the success of these efforts (Hayes, 2013). The CISO and ISSOs will continually supervise the deficiencies turned up by the audit until they are completely corrected. Awareness is something that employees need to have and would usually be part of the initial job orientation/induction. For some activities, it won’t be obvious how they affect the customer and quality management or affect safety or environmental impacts (Quality Systems Toolbox, n.d.). Having an outline of procedures (e.g. a procedure guide) and top-level process documentation can show where activities fit. Because roles and responsibilities change over the course of time and employees develop new aptitudes, Red Clay Renovations will conduct the audit annually to eliminate risks.

References:

City of Winnipeg. (2008). Assessment of Information Security Awareness (1st ed., pp. 5-9). Winnipeg: City of Winnipeg. Retrieved from http://www.winnipeg.ca/audit/pdfs/reports/ITSecurityAwareness.pdf

Hayes, B. (2003). Conducting a security audit: An introductory overview. Retrieved 11 October 2016, from http://www.symantec.com/connect/articles/conducting-security-audit-introductory-overview

Johnston, M. (2001). Security Awareness Training and Privacy (1st ed., pp. 2-4). SANS Institute. Retrieved 11 October 2016, from https://www.sans.org/reading-room/whitepapers/awareness/security-awareness-training-privacy-394

Quality Systems Toolbox. (n.d.). ISO 9001 Quality Systems Toolbox – Training, Awareness, and Competence. ISO 9001 Quality Systems Toolbox. Retrieved 11 October 2016, from http://www.qualitysystems.com/support/pages/training-awareness-and-competence
