
Running Head: Cybersecurity 1



Cybersecurity
Name
Institution of Affiliation

A security awareness program is very important to the full functioning of any institution, company or organization, given the state of today's technology. For an organization to develop a strategic security plan, several factors are taken into consideration. For example, after an IT system is developed, users should be inducted so that they know how it is used. One factor that can never be overlooked is the security awareness program (Awawdeh & Tubaishat, 2014).

1.)

A well-informed security awareness culture is one that ensures clients, staff and all stakeholders are well informed about best practices, outlines how security threats may be managed, and ensures that security guidelines or policies are adhered to and maintained by everyone. In such a culture, management has assembled a dedicated staff and distributed functions among trained staff. Management trains staff on personal roles, security roles, systems and how to avoid certain risks. Staff are educated about online threats and are sensitive to ensuring that security is not breached. Management, clients, and staff work towards keeping their data safe by following the security awareness program proposed by the organization (Aloul, 2012).

2.)

Perhaps the most common threat is the computer virus, a program written to alter how a computer functions without the consent or knowledge of the user, usually causing damage to the computer. It can be avoided by carefully evaluating emails from unknown senders, free software and downloads from peer-to-peer sharing sites, and by installing up-to-date antivirus from an approved provider. Hackers and predators are another threat: people who create computer malware to steal data, steal identities or lock you out. Using online security tools with identity theft protection is one way to avoid these threats. Phishing is where a person or business pretends to be trustworthy and ends up accessing sensitive financial or private information through emails or messages carrying malware. Antivirus with identity theft protection can be a solution to this threat (Rudolph, 2015).

3.)

These are the measures, rules, steps or guidelines put in place to ensure the integrity of a network, its information, and the immediate environment of the electronic devices. They include doing a risk assessment that allows the organization to analyze and classify which networks or devices are more vulnerable and at greater risk. The idea is to reduce the identified vulnerabilities linked to the communication network and electronic devices. When new personnel are recruited into an IT workplace, security guidelines are implemented to reduce human error, misuse of resources and fraud. Security issues are addressed as early as the start of the hiring process (the application). Policies such as the provision of IT resources ensure the appropriate use of communication devices and networks so that staff can perform their functions effectively. Additionally, authorization to use devices places responsibilities and obligations on the persons using these devices or communication networks. Some organizations implement training procedures for IT users so that they are informed of potential security threats when using devices, and therefore take precautions and accept individual responsibility for reporting even a minor security incident that may arise. Guidelines such as reporting incidents, managing incidents, collecting and sharing IT information, developing user awareness, and defining user responsibilities are common among companies. Other policies that have been incorporated include developing disciplinary processes, network and device use controls (establishing remote equipment management), developing separate operation facilities, securing external facilities, and ensuring that procedures are used to render information unrecoverable before it is disposed of (Fay, 2011).



4.)

First, users of electronic devices and communication networks need to understand their responsibilities to ensure that the integrity of these devices and communication networks is maintained. A strategic security awareness program requires end-users to understand the intended use of devices and networks and to act accordingly. Users should respect the integrity of a communication network system and comply with the intended use of devices or networks. They should exercise caution when using devices to ensure that programs do not interfere with other users, and should not violate the privacy of others while using any communication network or device (network traffic is considered private, so there is no monitoring of other people's network information). Network users are not allowed to alter or modify device and network security features (Sari et al., 2014).

5.)

Most basically, unauthorized persons should not at any time have access to critical information. The use of a strong authentication-based program is important to accurately verify and identify the users who are handling information. Moreover, access control is necessary so that only authorized persons can access their data. Information should be secured while in transit to avoid interception or tampering, so secure routes should be deployed between end-users. To ensure information is not exposed through exploits or Trojan horses, management tools such as anti-virus systems and personal firewalls are necessary. Also, encryption should be in place as the first line of protection against access through backup tapes or hard drives (Wu et al., 2012).

6.)

An information technology disaster recovery plan should be created together with the business progress program. When analyzing the business impact, priorities and recovery times for aspects of information technology should be developed to guide the recovery process. A company should configure itself so that it can access more than one facility, because if data is kept at various sites and is lost, it can be retrieved from an alternate site. In addition, vendor-supported recovery strategies (hot sites) can be used, where subscribers (vendors) manage and host security services on behalf of the organization. If an outage occurs for a client, the vendor stores the data until the client's data is restored. Also, an organization can put in place an IT recovery plan, which starts by keeping a record of all hardware (laptops, servers and wireless devices), data and applications. This plan also ensures that all crucial data is backed up (Abawajy, 2012).

7.)

The greatest and most common cybersecurity risks are found within an organization: those caused by employees' negligence, which could lead to several threats if caution is not practiced. These risks include complete loss of data, leakage of data or information to the general public or unauthorized users, lack of services (perhaps due to a misconfiguration), and exposure of information to external attacks such as theft. Leakage of passwords could expose competitive information. A company can also be at risk of hijacking and phishing (Kim, 2013).

References

Abawajy, J. (2012). User preference of cyber security awareness delivery methods. Behaviour & Information Technology, 33(3), 237-248.

Aloul, F. A. (2012). The need for effective information security awareness. Journal of Advances in Information Technology, 3(3).

Awawdeh, S. A., & Tubaishat, A. (2014). An information security awareness program to address common security concerns in IT unit. 2014 11th International Conference on Information Technology: New Generations.

Fay, J. J. (2011). Employee awareness program. Contemporary Security Management, 389-395.

Kim, E. B. (2013). Information security awareness status of Business College: Undergraduate students. Information Security Journal: A Global Perspective, 22(4), 171-179.

Rudolph, K. (2015). Implementing a security-awareness program. Computer Security Handbook, 49.1-49.47.

Sari, P. K., Candiwan, & Trianasari, N. (2014). Information security awareness measurement with confirmatory factor analysis. 2014 International Symposium on Technology Management and Emerging Technologies.

Wu, Y. A., Guynes, C. S., & Windsor, J. (2012). Security awareness programs. Review of Business Information Systems (RBIS), 16(4), 165-168.
