Write report detailing approach you would take to designing


Security Awareness Program Report Assignment

Using the organisation, context and risk profile documented in Continuous Assessment 1 (attached as Continuous assessment 1 word file), write a report detailing the approach you would take to designing, developing and implementing an effective security awareness program for this organisation, based on the following scenario:

Your organisation has identified that its people are its best line of defence against the rising threat of cyber-attacks.

As the Cyber Security Manager, you have been tasked with developing an ongoing program of security awareness. The key objective is to change the behaviour of all employees to be aware of the various cyber threats and know how to take appropriate action to protect, detect and respond to security incidents.

Recent security incidents within the organisation have been traced back to human error and have given rise to the following security events:

1. Phishing email which resulted in the loss of credentials of a sensitive system.

2. Ransomware infection which resulted in business disruption to a key business unit.

3. Data breach of personally identifiable information which resulted in a data breach notification to impacted individuals (per the Australian Privacy Act).

In addition to documenting a broad-based program of security awareness, you will need to research and analyse one of these threats and discuss cost-effective awareness measures to mitigate it, given the context of your organisation.

Finally, as future investment in cyber security is dependent on demonstrating the effectiveness of the security awareness program, you have also been asked to research and document an effective approach to measuring the effectiveness of the overall program.

Note: Any assumptions made about the nature of the existing IT controls at the organisation should be documented in the report.

The report should be written in professional business language, aimed at the senior leadership/Executive team of your organisation, and cover the following areas:

· Executive Summary (including business context)

· Security Awareness Needs Assessment

· Security Awareness Strategy and Plan

· Methods for Delivery of Security Awareness

· Threat Discussion (as chosen above)

· Security Awareness Measures and Metrics

Your report should be 3,000 words (+/-10%) in length. You will need to concentrate on delivering a concise report while ensuring that all relevant topics are covered with consideration of the intended audience.

Article: Building an Information Technology Security Awareness and Training Program by Mark Wilson and Joan Hash.

Format your assignment according to the following formatting requirements:

1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.

2. The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.

3. Also include a reference page. Citations and references should follow APA format. The reference page is not included in the required page length.

Attachment:- Assignment-Securit-Operations.rar
