reply to discussion post below

kendall,

Employee Awareness of IT Security Policies

Introduction

Red Clay Renovation’s CISO is working with the IT Governance Board to restart the company’s security education, training, and awareness (SETA) program. In order to restart this program, the CISO will call for an employee awareness of IT audit. The reason for this audit is that SETA activities had fallen into disuse due to a perceived lack of quality and lack of timeliness (out-of-date materials). Conducting this audit will set the stage for what areas specifically need attention in order to redraft and create policies to implement in regard to the importance of security controls (King, 2019).

Creating an information security and privacy awareness and training program is not a simple task. It is often a frustrating task. It is often a challenging task. And many times, unfortunately, it is often a thankless task. However, providing your personnel with the security and privacy information they need, and ensuring they understand and follow the requirements, is an important component of your organization’s business success. If your personnel aren’t aware of how to maintain confidentiality of information, or how to secure it appropriately, you also risk damaging another asset, corporate reputation (“Why Information Security Training and Awareness Are Important”, 2019).

Audit Team

The first step is to develop a security awareness task force, which may very well be the bridge between development and corporate introduction. A typical task force put together by the CISO would include individuals from various departments within Red Clay, such as IT security, physical security, corporate training, HR, legal, marketing and internal communications. The task force’s first responsibility is to conduct a comprehensive security audit. From this audit, the team, management and organization will understand the current state of corporate security awareness. Such an audit will reveal existing security policies, the level of employee awareness and the security programs in place, which we’ve addressed above. Working collectively, the auditors and IT security managers need to discover what end-user systems are operating, who is operating them and how well users are trained. They should evaluate the organization’s current end-user environment and determine whether there are any special circumstances that will require extra security attention, such as remote workers or wireless devices (Kathleen Coe, 2019).

Conducting the Audit

Red Clay’s employee awareness IT audit will be conducted this quarter during normal business hours over the course of three weeks to a month, give or take. Our audit will take place at all of Red Clay Renovation’s office buildings with all the employees. It will kick off with an initial brief to address the objectives, which we’ve also addressed earlier. Once the audit is done, a closing briefing will be conducted to go over the findings and recommendations. Lastly, the CISO will follow up with everyone and make sure they’re aware of where the company did well and where improvement is needed. To conclude things, a follow-up in a year will be done to make sure the corrective actions were taken care of and implemented.

References

Kathleen Coe, S. (2019). Employee awareness: The missing link. Retrieved from https://www.computerworld.com/article/2555917/employee-awareness--the-missing-link.html

Why Information Security Training and Awareness Are Important. (2019). Retrieved from http://www.infosectoday.com/Articles/Security_Awareness_Training.htm

King, V. (2019). Red Clay Renovations. Retrieved from https://learn.umuc.edu/d2l/le/content/349440/viewContent/14328302/View