2helpme

Research Methods in Education

May 8, 2017

Introduction

I chose information security awareness in organizations as my topic. Today agencies in the U.S. today have information security as one of the issues needing to be resolved. Most employees have poor education and training about information security and the measures that they would take in cases such a security breach occurs. The workforce needs training on how to handle information in a secure way so as to avoid a compromise in security. Hence, there is a need for training and education of the workforce about security issues of computer systems and information. In this paper, three quantitative and one qualitative research questions that would reflect information security education and training.

What is the general demographic and trend of security threats in computer-based organizations in the U.S.?

The increase of information security threats is rising, and organizations are experiencing more cost as a result of cyber-crimes. Research from Ponemon Institute discovered that there is an increase in cyber crime�s cost to 19% within one year. (Benoliel, 2016). Most of these expenses can be cut by training employees on information security. The trend is also rising as Steve Durbin says, the scale and pace of information security threats continue to rise, endangering the reputation and integrity of trusted organizations. We see an increased sophistication in the threat landscape and with tailored threats to target weaknesses or manipulation of defenses that are in place,� (Security Magazine, 2016).

What are the demographics of insider attacks and employees ignorant to information security?

Research and studies show that most organizations face insider attacks as the primary source of information security breach. These insider attacks are caused by inadequate education and training of employees towards information security. Ponemon institute�s report showed that 70% of healthcare businesses and organizations involved in the study claim employee negligence as the first threat to the security of information. A Federal Times article also argued that every IT professional�s survey and assessment shows at least 50 percent of leaks and breaches are directly attributable to user error or failure to practice proper cyber hygiene.� (Kam, 2015). From these demographics, we see that the threats to information security have risen and most of these threats are associated to employees� negligence � poor education and training on the matter.

What three examples of information security threats of 2016 that can be solved through education and training?

One of the threats that can be addressed through training on the Internet of Things and the bringing your own device (BYOD) vulnerability. Employees can be trained about the maiming security of their devices especially when they are accessing the organization's data. The second one is big data; employees should be trained in handling big data. For instance, they can be trained on encrypting data files and should avoid taking data away from the workplace. Another threat that can be solved through training is on computer use. Employees can be trained on the most secure ways of using computers. For instance, they can be trained to detect and avoid visiting suspicious websites. They can also be educated on using a strong password and change them regularly.

Why increase in technology would rise the need for increased awareness, education and training for information security?

The increase in data technology is associated with the growth in information threats. Under-the-radar information security threats are one of the biggest issues. Technology advances rapid changes make it difficult for companies to keep up with the latest and greatest data protection strategies (Cole, 2015). In the ages where the internet wasn't widespread, the threats to information were minimal as less interconnection and exposure of information to the public network was made. However, as the internetworking and the spread of the Internet grew, it rose to a higher risk of data breaches and threats as the information gets disseminated through the network or the security of the storage servers get compromised through a network.

Moreover, new technology means that there are new ways which hackers can utilize in breaking the security of computer systems and the threat to information. It is evident that the hackers are adapting to new information technology at a higher rate than how employees get to understand and learn the new technology. For instance, the virtual machine technology is a new technology that hackers are using to compromise systems because of their lower level of abstraction. Hence, it is important that the employees of organizations should learn quickly and train on new technology and potential threats.

Conclusion

Information security threats are rising at an alarming rate. As technology grows, the techniques and threats to information rise. Mitigation of threats to information would largely depend on the security measures of employees in organizations. If employees are trained and educated about simple security actions and presented with a security policy, such as password policy, then a huge number of vulnerabilities would be eliminated, and less potential exploitation would be experienced.

References

Cole, B. (2015). Fast-advancing tech makes information security threats tough to grasp. Retrieved from http://searchcompliance.techtarget.com/video/Fast-advancing-tech-makes-information-security-threats-tough-to-grasp

Benoliel, A. (2016). Top cybersecurity statistics for 2016. Retrieved from http://www.marketingcyber.com/2016-cybersecurity-statistics/

Kam, R. (2015). The biggest threat to data security? Humans, of course. Retrieved from https://iapp.org/news/a/the-biggest-threat-to-data-security-humans-of-course/

Security Magazine. (2016). Information security forum forecasts 2017 global security threat outlook. Retrieved from http://www.securitymagazine.com/articles/87639-information-security-forum-forecasts-2017-global-security-threat-outlook