Your organization has the following statements regarding phishing/social engineering in the employee manual: All employees are required to complete annual security awareness training as provided by the Information Security team. Employees must successfully complete the training and achieve an established minimum score on any quizzes associated with the training. The organization will conduct routine evaluations of the effectiveness security awareness training through simulated phishing tests. Employees that incorrectly identify simulated phishing emails must complete additional security awareness training and their manager will be notified. If an employee incorrectly identifies 3 or more simulated phishing emails, additional action may be taken by the employee’s manager, up to and including termination. Employees are required to report any suspicious emails to the organization’s Information Security team using the Suspicious Mail button located in the organization’s email program. Employees clicking on malicious links will be required to complete additional security awareness training. Repeated occurrences will be subject to additional personnel action as determined by the employee’s manager and HR. The top salesperson in the organization (who brings in 22% of the company’s net sales) has completed the security awareness training but has failed 4 of the last 5 phishing tests and clicked on 3 bad links in the past 6 months. If you were the CIO, how would you address the situation?
Your organization has the following statements regarding phishing/social engineering in the employee manual: All employees are required to complete annual security awareness training as provided by the Information Security team. Employees must successfully complete the training and achieve an established minimum score on any quizzes associated with the training. The organization will conduct routine evaluations of the effectiveness security awareness training through simulated phishing tests. Employees that incorrectly identify simulated phishing emails must complete additional security awareness training and their manager will be notified. If an employee incorrectly identifies 3 or more simulated phishing emails, additional action may be taken by the employee’s manager, up to and including termination. Employees are required to report any suspicious emails to the organization’s Information Security team using the Suspicious Mail button located in the organization’s email program. Employees clicking on malicious links will be required to complete additional security awareness training. Repeated occurrences will be subject to additional personnel action as determined by the employee’s manager and HR. The top salesperson in the organization (who brings in 22% of the company’s net sales) has completed the security awareness training but has failed 4 of the last 5 phishing tests and clicked on 3 bad links in the past 6 months. If you were the CIO, how would you address the situation?
Database System Concepts
7th Edition
ISBN:9780078022159
Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Chapter1: Introduction
Section: Chapter Questions
Problem 1PE
Related questions
Question
- A policy conundrum
Your organization has the following statements regarding phishing/social engineering in the employee manual:
- All employees are required to complete annual security awareness training as provided by the
Information Security team. Employees must successfully complete the training and achieve an established minimum score on any quizzes associated with the training. - The organization will conduct routine evaluations of the effectiveness security awareness training through simulated phishing tests. Employees that incorrectly identify simulated phishing emails must complete additional security awareness training and their manager will be notified. If an employee incorrectly identifies 3 or more simulated phishing emails, additional action may be taken by the employee’s manager, up to and including termination.
- Employees are required to report any suspicious emails to the organization’s Information Security team using the Suspicious Mail button located in the organization’s email program. Employees clicking on malicious links will be required to complete additional security awareness training. Repeated occurrences will be subject to additional personnel action as determined by the employee’s manager and HR.
The top salesperson in the organization (who brings in 22% of the company’s net sales) has completed the security awareness training but has failed 4 of the last 5 phishing tests and clicked on 3 bad links in the past 6 months. If you were the CIO, how would you address the situation?
Expert Solution
This question has been solved!
Explore an expertly crafted, step-by-step solution for a thorough understanding of key concepts.
This is a popular solution!
Trending now
This is a popular solution!
Step by step
Solved in 2 steps
Recommended textbooks for you
Database System Concepts
Computer Science
ISBN:
9780078022159
Author:
Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:
McGraw-Hill Education
Starting Out with Python (4th Edition)
Computer Science
ISBN:
9780134444321
Author:
Tony Gaddis
Publisher:
PEARSON
Digital Fundamentals (11th Edition)
Computer Science
ISBN:
9780132737968
Author:
Thomas L. Floyd
Publisher:
PEARSON
Database System Concepts
Computer Science
ISBN:
9780078022159
Author:
Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:
McGraw-Hill Education
Starting Out with Python (4th Edition)
Computer Science
ISBN:
9780134444321
Author:
Tony Gaddis
Publisher:
PEARSON
Digital Fundamentals (11th Edition)
Computer Science
ISBN:
9780132737968
Author:
Thomas L. Floyd
Publisher:
PEARSON
C How to Program (8th Edition)
Computer Science
ISBN:
9780133976892
Author:
Paul J. Deitel, Harvey Deitel
Publisher:
PEARSON
Database Systems: Design, Implementation, & Manag…
Computer Science
ISBN:
9781337627900
Author:
Carlos Coronel, Steven Morris
Publisher:
Cengage Learning
Programmable Logic Controllers
Computer Science
ISBN:
9780073373843
Author:
Frank D. Petruzella
Publisher:
McGraw-Hill Education