Degree Objective #5

5. Develop a research report or implementation plan concerning legal and ethical best practices and mandated requirements that pertain to information security.

 

Security Awareness
Tate Gentry
University of Advancing Technology

    Security awareness is one of the biggest factors in managing risk, dealing with incidents, and keeping everything in check. One of the smartest things to do when creating a business is to form a security awareness plan, which is generally required to comply with PCI DSS Requirement 12.6. After complying with these requirements, the next step is to address the changing information security environment and to reinforce the way your business does its work. Best practices include assembling a security awareness team, defining roles for security members, developing training content, and maintaining communication between people regarding threats and risk mitigation. Creating a checklist is a good way to start; you can assess the risk level based on the checklist and these practices.

    One of the biggest risks to an organization is not the infrastructure itself but the people within it, who could create security incidents. This includes sharing company information outside of the resources provided, reusing passwords, not reporting unusual activity, and, last but certainly not least, social engineering. It is therefore good to have a plan in place and to make sure all employees are aware of procedures, when to report things, mishandling of information, etc. This can be enforced with penalties, as some may not take it seriously. It is important to put the level of harm that can be done into perspective for the average employee, since reporting even small issues could help stop an incident from arising.

    Every security awareness plan should also include social engineering training, risk reporting training, download training, and secure password training. Doing even just this with your employees once a month will help reduce risk by a large amount. I found a great chart that displays how a business should ideally operate with security awareness.
 

 
