CYB200 Project One Case Study-TRQ
School: Southern New Hampshire University
Course: 200
Subject: Information Systems
Date: Feb 20, 2024
Security Awareness Training for Fizza Cola
Tiffany Rudman Quinn
Southern New Hampshire University
CYB 200: Cybersecurity Foundations
Dr. Linda Hamons
October 8, 2023
A review of the Fizza Cola case study shows apparent gaps in security awareness related to human factors. These gaps are:
- The frequency of mandatory security awareness training is currently undefined.
- The audience of the training is currently undefined.

In order to maintain the integrity and safety of the network and any data, we need to make Fizza Cola a more security-aware organization. This would benefit employees, customers, and Fizza Cola as an organization. We first need to implement mandatory security awareness training that occurs every six months. This could be monitored via a security training program in which employees work through scenarios, readings, and information and, at the end, take a quiz on the content of each training. Based on the scores users achieve, we could offer additional training to those who failed the content quizzes.

The audience of these trainings should be every employee. Employees are one of the first lines of defense in preventing hackers from gaining access to an organization’s network, but they are also the ones hackers will use as an entry point into an IT infrastructure. Employees need to be made aware of what these threats could do to the organization and of ways they can prevent leaks or hacks from happening. Fundamentals in Information Security (2021) notes security awareness training done annually will “remind staff about proper handling of private data and drives awareness of the organization’s framework of security policies, standards, procedures, and guidelines” (p. 43).

Next, we need to define what the content of these training modules would be. With the concern over the phishing emails and the installation of malware on their network, this should be a main topic discussed. This would enable staff to be aware of emails that look suspicious and what to look for to identify whether an email is phishing or not. We could also utilize the Phishing Alert app within the company email. By not addressing these concerns, you are allowing the organization to fail. Employees will not want to work where data is not secure and protected, and the company could face legal and financial issues if Fizza Cola were to have a major security breach.

A legal factor that relates to a security gap is not knowing whether Fizza Cola’s data falls into a category that is protected by a law or regulation. Employee data and customer data could be at risk if they are not secured and protected based on data protection guidelines. Another legal factor to consider is the financial burden a lawsuit could create if employee and/or customer data is stolen due to a breach. Ensuring that your infrastructure is secure is a major preventative measure.

The executives are concerned with trade secrets and copyright infringement on intellectual property. Training on intellectual property should be included in the organization’s security training. Failure to do so would lead to financial loss, customer dissatisfaction and possible legal implications from their customers.

The Information Security Policy should also advise how to report an instance of a breach and how the organization will respond to such instances. The Policy should also include how to respond when different types of threats happen and what the system response should be based on the regulations they follow. Failure to notify about a security incident could lead to the organization closing or going out of business.

A proactive security mindset benefits all levels of Fizza Cola’s organization. According to a blog on security awareness training from cybsafe.com, we can create a culture of security by “building security values into the fabric of” our organization. All employees, from the top down, will have the same amount of training and engagement in combating security incidents. The IT team will be constantly updating and changing training as the threats change. As the hackers become smarter in their acts, we must be proactive in our response to new ways of potential risks
to our infrastructure. We can also minimize the risk of a security incident by limiting access levels to only what each employee needs to do their job. If all employees keep security at the top of their minds, it will prove to be a great defense against internal and external threats.
References:
Kim, David, and Michael G. Solomon. Fundamentals of Information Systems Security, Jones & Bartlett Learning, LLC, 2021. ProQuest Ebook Central, https://ebookcentral-proquest-com.ezproxy.snhu.edu/lib/snhu-ebooks/detail.action?docID=6741186.
(2023). Security Awareness: 7 reasons why security awareness is important in 2023. 7 reasons why security awareness training is important (cybsafe.com)