Cybersecurity program

profiletukaz2005
Cybersecuritytraining.docx

Running head: CYBERSECURITY TRAINING 1

CYBERSECURITY TRAINING 2

Student Name

School NAME

Date

CYBERSECURITY TRAINING

Building a culture that values cybersecurity is an essential part of reducing cybersecurity threats. To accomplish this, everyone must adopt a new mindset. Involved workers are more likely to adhere to the company's security policies in their day-to-day activities and decision-making. You can reduce cyber risks and improve compliance by incorporating security best practices into your employees' daily routines. Cybersecurity fosters an atmosphere in which good cyber hygiene becomes common practice, allowing the entire organization to operate more securely with less effort, freeing up time and energy to focus on its core business (Nel & Drevin, 2019). The aims of a cybersecurity culture must be strategic, aligned with the organization, and risk based. You must know how your company's present cyber security culture appears. You must investigate how your lived culture, mission, and values affect how people engage with cyber risk.

There are different types of cybersecurity risks, which include malware, ransomware, and crypto jacking. Malware is the most prolific and common type of security threat. Malware occurs when an undesirable program or software application hijacks a target system and starts acting strangely. This includes preventing users from accessing applications, destroying data, data theft, and spreading to other computers. Malware can be avoided by the use of the latest anti-malware programs (anti-virus) as well as recognizing suspicious files, links, and websites. Ransomware is a type of malware that is usually installed on the user's system or network and prevents access to functionalities until a "ransom" is paid to the third party. Ransomware can be prevented by the use of anti-virus. The user should always ensure that their anti-virus software is always updated since once ransomware is installed; it becomes a challenge to remove it. Crypto-jacking is an effort to infect a system with malware that forces it to engage in "crypto-mining," a popular method of earning crypto-currency. Unsecure systems can be infected by this virus, as well as others. It's used since crypto-mining necessitates a lot of hardware. Crypto-jacking can be avoided by keeping all the software updated.

Some of the policies that have been developed for critical electronic devices and communication networks include the acceptable use policy (AUP), information management policy (IMG), access control policy (ACP), and email/communication policy. An AUP specifies the limitations and procedures that an employee using IT resources of the business must accept to access the company's network. It's standard procedure for new hires to go through this process. AUP must be reviewed and signed by the user before a network ID can be issued. This document's rules and principles must be followed by everyone who uses information technology resources within the company or on its network systems, due to the company's main information security policy. There are several methods described in the ACP for giving employees access to a company's information and data system(s). A company's email policy is a formal document that outlines how workers can end up making use of the company's selected electronic communication link. Employees will be provided with guidelines on ethical and unethical uses of organization telecommunications under this policy.

An organization should have proper use of critical electronic devices and communication networks. Install any software updates as soon as they are available from the vendor of your device. By putting them in place, you're making it harder for hackers to exploit known issues or flaws. Use password protection on your devices. Choose complex passwords that are difficult to crack, and use a unique password for each program and gadget you use. If you're storing sensitive data, like financial or private data, check to see if you have the choice to encrypt it. By encrypting files, you make sure that even if someone has physical access to them, they can't view the data. Bluetooth, for example, is a wireless technology that can be used to link cellphone devices and computers. When not in use, turn off these options.

While handling information, we are required to adhere to a slew of rules and policies. For example, it's not uncommon for sensitive documents to require two levels of access control. Dual control is a mechanism that necessitates the consent of other managers before a crucial document can be retrieved. These needs can be met with the help of technologies like selective encryption plans, user authentication, and model control techniques. Also, critical information needs tight security against landing by unauthorized users. Several security technologies must be integrated to establish a critical infrastructure for communicating information and protect it from being exposed. For example, strong authentication consisting of multiple factors is needed to successfully make sure the people with whom we exchange critical information. Every company should have malware detection and prevention software installed to protect its data (Cichonski et al., 2012)

An operational plan and a recovery strategic plan for critical electronic systems and communication connectivity work best together. There are a few principles that are used in developing a recovery plan, which includes prevention, which entails a proper backup, detection, which is involved in detecting possible threats and risk, and correction, which entails proper insurance policies. The recovery plan for critical electronic devices and communication networks should include plan goals, recovery procedures, backup procedures, and the restoration process.

There are many risks as well, which result from the insecure behaviors of employees. For example, humans are prone to errors such as forgetting to use backups, which may lead to the loss of data. Additionally, some steal organizational data such as passwords and emails. Only a quarter of data theft is traced to outside intrusions, indicating that most data theft is not the product of an external attack by some cybercrime genius (Tyler, 2016).

References

Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer security incident handling guide: Recommendations of the National Institute of standards and technology. Retrieved from:https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwjYs9nqkY7zAhWHHxQKHYnyBasQFnoECAYQAQ&url=https%3A%2F%2Fnvlpubs.nist.gov%2Fnistpubs%2Fspecialpublications%2Fnist.sp.800-61r2.pdf&usg=AOvVaw30silDnlF3FuLCqAVsK8KV

Nel, F., & Drevin, L. (2019). Key elements of an information security culture in organisations. Information & Computer Security, 27(2), 146-164. Retrieved from:https://www.emerald.com/insight/content/doi/10.1108/ICS-12-2016-0095/full/html

Tyler, J. (2016). Don't be your own worst enemy: Protecting your organisation from inside threats. Computer Fraud & Security, 2016(8), 19-20. Retrieved from:https://www.sciencedirect.com/science/article/abs/pii/S136137231630063X?via%3Dihub