Please note that it is important to refer to the attached document for the PowerPoint presentation.
Urgently due tomorrow.
The policies that you have created and modified have received final approval from management.
You have been asked to do the following:
For this submission, you will:
Summary Report – Module 5
Version 1
Prepared By: Jude Akassap
Date: 9/11/22
VERSION HISTORY
Version # | Implemented By | Revision Date | Approved By | Approval Date | Reason
1.0 | Jude Akassap | 9/11/22 | Jay M. | 9/11/22 | Approve recommendation
TABLE OF CONTENTS
1 Introduction
1.1 Purpose
2 Executive Summary
3 Detailed Summary
3.1 LAN Security/Password Policy
3.2 Antivirus
3.3 Acceptable Use
4 Recommendations
5 Suggested Actions
Appendix A: Approval
Appendix B: References
Appendix C: Key Terms
Introduction
Purpose
This Summary Report provides a summary of end-user security policy updates and recommendations to improve security.
Executive Summary
In this report, the end user security policy is examined, and areas where new policies or modifications would be beneficial are noted.
Detailed Summary
LAN Security/Password Policy
While the LAN Security policy section does mention some policy parameters regarding password security, certain aspects are left entirely up to the IT Officer's discretion. Password policy guidelines such as the complexity, length, and frequency of use should be detailed for increased security. Many organizations follow a password standard such as NIST
This policy is a bit of a mixed bag when it comes to passwords. It does reference basic parameters about password security such as password complexity, length and frequency of use, but the IT Officers are left entirely on their own in terms of rules regarding components (alphanumeric vs. uppercase vs. lowercase) and rules that may be followed. It’s recommended that organizations follow NIST security guidelines such as those outlined in “Guidelines for Developing Security Policies.”
The IT Officer in charge will be the primary contact for LAN Security and Password Policy. This can be done by either writing a policy and/or delegating this responsibility to an individual or organization. It is recommended that the IT Officer(s) collect information from each employee regarding their password security practices to determine best practices for their organization.
Antivirus
According to the 10.1 Detailed Policy Requirements section, BYOD devices must have antivirus software; however, company-owned laptops and other devices are not obliged to have antivirus software. All company-owned devices should come with antivirus software installed, and only IT administrators should be allowed to turn it off. Any software installation should be subject to prior authorization and IT administrative rights. By enabling antivirus and carefully examining software before it is loaded, end device security will be much improved.
Acceptable Use
There is no definition of acceptable use of organizational resources. Implementing firewall rules to ban specific websites and website categories that are regarded as inappropriate for the workplace is a good idea. Policies that outline acceptable and undesirable workplace browsing activity should be made available to employees.
Recommendations
This report finds there are several critical issues with the current security policy and recommends the above actions be implemented to increase the overall security of the organization.
· Update LAN security policy: fundamental protections such as BitLocker and RAID; secure Active Directory by monitoring active connections on the internal and external network; leverage encryption across all applications and services; and use authentication measures such as hardware tokens or multifactor authentication.
· Update password policy: require a change every 90-180 days, make passwords a minimum of 10 characters in length, and include a hard-to-guess factor.
Suggested Actions
Following these recommendations, new policies ought to be developed and included in the upcoming version of the end user information security policy.
· New guideline policy for the use of operating systems, browsers and other hardware appliances. That includes: 1. No sharing of passwords, PINs or other authentication information with anyone else. 2. Regular reporting of security breaches. 3. Regularly back up all of your personal data and keep it in a safe place in case the worst should happen. 4. Log security alerts and report any new risks as soon as possible.
· New information security policy with specifications: new organizational requirements, such as GDPR compliance, no one may access or leave the network without permission, everyone must log in using their own computer, only authorized extensions may be added to existing accounts and all private information should be kept secure. The policy also demands that everyone in the organization, including admins and power users, know and abide by the policies detailed in this document. The benefit is that the updated policy prevents data exfiltration and unauthorized data access, while enhancing the confidentiality, integrity and availability of the existing systems.
Appendix A: Approval
The undersigned acknowledge they have reviewed the
and agree with the approach it presents. Changes to this
will be coordinated with and approved by the undersigned or their designated representatives.
Signature:
Date:
Print Name: Jude Akassap
Title: IT Officer
Role: Develop, Upgrade, Deploy the infrastructure of the Network, Software, Database

Signature:
Date:
Print Name: Dene Kinter
Title: Network System Admin
Role: Deploy and Maintain the Office LAN Network

Signature:
Date:
Print Name: Hunt Jamey
Title: Software QA Analyst
Role: Maintain, Update, Program the IT software infrastructure
APPENDIX B: REFERENCES
The following table summarizes the documents referenced in this document.
Document Name and Version | Description | Location
[IT Security Plan] | | https://security.it.iastate.edu/policies/it-security-plan
APPENDIX C: KEY TERMS
The following table provides definitions for terms relevant to this document.
Term | Definition
Audit | An unbiased and independent verification of the IT infrastructure which includes the approach of evaluating and collecting the IT security operations and practices.
IT Security | The preservation of the integrity and confidentiality associated with information system.
Risk | The chance of a specific vulnerability with the Information System either unintentionally or intentionally exploiting the IT threat.