2 responses Aug 06

Actual work where 2 students given their post on this:
If you could, what would you do to help create a national “security culture,” in which everyone is more knowledgeable and proactive about threats to information security? 

We need to give 2 responses all should have proper APA, citations, and minimum one reference each for both.

Please find the two attachments of two students’ posts.

Note:  Use first line hanging on the responses.

Security Culture

            Cybersecurity is not just the gray areas of machines, applications, and networking it concerns. The problem is also how people deal with computer technology–and what kind of security threat attitude. Your company’s safety culture may have an enormous effect on your cyber protection. Environment regulates the actions.

Finding the motivation, across all facets of life, safety consciousness is critical, not only on the job. This is particularly relevant for today’s culture of phishing, codes, theft, and other social engineering techniques. This is the case today. In keeping workers mindful of security concerns in a broader context, including how their own family and financial interests can be fully protected, they can be further active and personally driven (Kim, 2019).

Form Security Awareness groups, the only moral duty of the security team, often under-personalized and time restricted, is to promote security awareness. By involving other different departments or branches, people without security can be helpful in the program’s eyes, ears and voice (Matt, 2019).

Security Development life cycle, The Efficient Security Philosophy is based on a secure development lifecycle (SDL). An SDL is your institution’s application and device development phase and tasks. It covers such activities as security requirements, modeling threats and safety testing. Safety culture is answered by SDL. It is a philosophy of environmental health at work (Chris, n, d).

Public recognition of achievements is important to making people feel appreciated and quick to achieve through the intranet, reports, corporate marketing materials and leadership acknowledgement. These techniques may be favored over financial incentives like coupons or extra money off payments. Staff anticipate certain benefits and could even lose interest if stopped, maybe because the bonus fund is eliminated.

Align to business needs, Security is not the primary reason why most workers are working, although it is critical for their company. Consequently, instead of recommending being too rapid and too all-embracing, target specific gradual targets. Recognize the habits the company desires, so that workers can know the importance and interest of maintaining the enterprise.

References

Matt, M. (2019, January 30). Fours Tips for building a strong Security Culture in your organization. Retrieved from

Four Tips for Building a Strong Security Culture in Your Organization

Kim, C. (2019, October 9). How to Create a security culture in your company. Retrieved from

https://cybersecurity.att.com/blogs/security-essentials/security-culture

Chris, R. (n, d). 6 ways to Develop a Security Culture from top to bottom. Retrieved from

https://techbeacon.com/security/6-ways-develop-security-culture-top-bottom

Security Culture: Awareness

Advancements technology has had numerous advantages to society. However, there are many risks associated with technology that pose significant threats to data. Given a position where I would have the power to create a national culture on security, I would put in significant resources on awareness. Awareness is defined as an interest in a given situation or trend. Individuals are better placed if they get training on awareness. With awareness, I believe that individuals will be better placed to be more knowledgeable and, at the same time, proactive on the threats to information security.

The advantages that organizations will accrue with awareness by training include having a culture that is focused on security. With adequate training, employees will tend to understand the various threats that an entity may face (Ki-Ares et al., 2017). A perfect example will be on aspects such as phishing. Once employees understand that third parties can access the entity’s information via their emails, employees will be better placed not to open emails that may lead to the vulnerability of information in an entity. Thus, with awareness, employees will be better placed to realize avenues that may be used by third parties, ensuring that they are more knowledgeable and, at the same time, proactive on the various threats associated with information security.

With awareness, employees are empowered. Employees understand the various threats that information in ana entity may face (Lee et al., 2016). Without awareness, employees may feel that they are not empowered enough to counter such threats. Human errors have always been the leading case to attacks and breaches in various entities. When employees are empowered, they are better positioned to understand the multiple interactions of data, which will ensure that there are fewer errors associated with data. In reducing the errors, companies and organizations are better placed to mitigate risks and thus ensuring at all times that information is safe.

Awareness ensures that employees and the organization’s management are on the same page. With training and awareness, individuals are better placed to understand the goals of an organization. This will ensure that employees follow the set measures by a company and do not impose their own matters aspects such as BYOD, as they will be in sync with the measures that an enterprise has taken in a bid to ensure that there is information security.

In conclusion, training on awareness is an aspect that can ensure at all times that individuals are knowledgeable and, at the same time, proactive on aspects related to information security.

References

Ki-Aries, D., & Faily, S. (2017). Persona-centred information security awareness. computers & security, 70, 663-674.

Lee, H., Jeon, S., & Zeelim-Hovav, A. (2016). Impact of psychological empowerment, position and awareness of audit on information security policy compliance intention. In Pacific Asia Conference on Information Systems (PACIS). Association For Information System.