I need two responses of at least 150 words each for the below students' discussions for this week. Also, in bold below are the questions the students are answering.
Questions (both questions must be answered):
1. Find an online article (or resource) regarding the importance of security awareness training.
2. Summarize the article.
Security awareness training is incredibly important in protecting, mitigating, and ensuring that employees are complying with company security policies. As we all know, in every IT infrastructure the end users (which is us, the people) are always the weakest link when it comes to IT security. The reason is due to the fact that, unlike hardware and software, there is no downloadable anti-virus or firewall to prevent human error. This is where security awareness training comes in to make the human part of IT more resilient against attacks and to aid them in recognizing a wide variety of attacks and what to do when the time comes. The training will serve as a way to establish the same basic principles that all departments of a company will use (INFOSEC, 2018). Consistently employing the same principles and policies is important in order to have a successful business and to avoid security incidents.
The training will allow employees to be better able to protect the company's assets properly and consistently. With security awareness training, the employees will understand the importance of security policies and how to effectively apply them. Not all employees will come to the company with basic security knowledge, which is why security awareness training is important because it helps to fill in the gaps between employees. Phishing and other types of social engineering require the least amount of technical know-how while being the most effective. Proper training will help employees recognize these attacks to be able to avoid them.
INFOSEC. (2018, Aug 17). 10 Benefits of Security Awareness Training. Retrieved from https://resources.infosecinstitute.com/10-benefits-of-security-awareness-training/#gref
Having a security awareness training program is an absolute must in an organization. This program is a formal process that seeks to educate the employees about threats and computer security. Good security awareness programs will give vast education to the employees about policies within the corporate world and procedures that will jointly work together in the information technology world. Employees should be given information about who to contact if they were to encounter a security threat, and additionally be taught that data is valuable and should be deemed a corporate asset (Rouse, M. n.d.). There are many ways that security awareness can be implemented; some ways could be through computer modules or simply a good classroom setting. Either way, these types of awareness training are good to help fight against a vast amount of threats.
Regular training is necessary within the organization with a high turnover rate and those who rely heavily on contracts are temporary staff. This in itself confirms how well the program of security awareness is working; it can be very difficult. The common metric is trending downward; this means there is a number of incidents over a period of time. The NIST, which stands for the National Institute of Standards and Technology, has excellent templates along with guides for what should go into a security awareness program (Rouse, M. n.d.). Why is this important? Due to different threats like corporate espionage, viruses, and lack of knowledge from the employees. All of these elements can or will contribute to security risk.
Rouse, M. (n.d.). Security Awareness Training. Retrieved from https://searchsecurity.techtarget.com/definition/security-awareness-training