9-1 Final Project Submission: Security Awareness Program Proposal
PROJECT PROPOSAL 1
PROJECT PROPOSAL 3
Security Awareness Program Proposal
Chaston Carter
Human Factors in Security
02/25/17
Security Awareness Program Proposal
In light of my recent move to an organization without a security awareness program, as a chief information security information officer. I have been tasked with drawing a proposal for this organization. The need for this proposal is to implement organizational threats, and a protection awareness program with the potential to help this organization with the appropriate network and IT-enabled devices and security practices. As well, as the need for this proposal is for the identification of likely vulnerabilities of the organization’s system. The overall purpose of this proposal is to address the company’s CEO’s concerns about risks that may be brought about by a breach of the company’s system security.
Based on the above introductory statements, this proposal seeks to highlight on security postures to be addressed by the security awareness program proposal. Likewise, the paper will assess human factors contribution and associated factors within an organization that contributes to the status of security posture. To begin with, security posture refers to an overall plan for system security of an organizational. This is usually from the planning to the implementation stages which comprise of non-technical and technical controls, policies and procedures. Usually, security postures are meant to address policies, communication, user awareness, training, risk assessment, and controls within management practices in an organization’s system security.
With this in mind, the proposal seeks to ratify a security model that conforms to next generation technology. This is a view of addressing threats that may come by in the future at elevated levels. Additionally, based on security posture the proposal seeks to align initiatives towards security on the requirements of the organization. Likewise, the need to develop a culture of security accountability and inclusion will be drafted. Moreover, this model will include other factors that are often overlooked such as time, resources and the human element. Nevertheless, the major concentration will be on the human element.
The human element is a phenomenal threat to an organization’s system security. This may be through mistakes or lack of an understanding by the employees of their role in supporting security procedures and processes. In this light, this proposal seeks to recommend a model for analyzing the role of human factors in an organization’s security. This is for the use of the goal-driven risk management and force field analysis methods of human factor analysis. Likewise, the proposal will offer more insight on how changing behaviors, attitudes, and beliefs of employees may improve the security posture of an organization’s information system. As well, the proposal will highlight the importance of information sharing and effective training programs whose aim is in reducing the risk of lack of understanding and human error in an organization’s information security.
However, despite looking at the human factor, this proposal seeks to reflect at other aspects within the organization that has a contribution to security posture. This is beyond the scope of social and human elements. These factors are organizational policies, organizational culture, and management philosophy which expediently play a huge role in shaping the security posture of an organization’s security posture.