What is security awareness training?
Security awareness training is the training for raising awareness among the employs, management as well as among the stakeholders of the organization to identify various threats related to the business and help them to take appropriate action against the security threats. Security awareness training in today’s digital age is essential for every organization to deal with security issues (Shaw et al.).
Why does your organization need a security awareness program?
The modern InfoTech, one of the leading startup company in the information sector, needs proper security training for the employees as well as the authorities of the organization as deals with customer data which needs to be secured (McCrohan, Kathryn Engel and James W. Harvey). Along with that, the database of the company stores important information about the organization, transactional data and other important data as well. In order to ensure that the employees and the stakeholders deal with this data efficiently it is important to have the proper security guidelines as well as security awareness program to ensure proper data security.
Getting management buy-in
The policy has been developed to ensure that it not only meets the organizational need for data security but strengthen it as well. The policy statements are the following:
- Formal participation as well as security awareness program review by all the full time and part time faculty and staff
- Report on security issues to respective departments in a timely manner with proper documentation
- Newly hired faculty and staff will also be provided with the training, and that will be completed within 10 days
- Newly hired faculty and staff will not be entertained to resign from the organization once training is availed. If so the training cost has to be paid by the individual
- The training is available in both online and offline mode
- No training material including the audio, video, the document is allowed to download and distribute with the permission of the organization
- Employees need to provide feedback after the training to assess the program better and identify opportunities to improve the quality of the program
The policy if implemented will bring the following improvement:
- Increased awareness among the employees
- Proper and effective reporting and documentation of security threats
- Reduction in security issues due to lack of knowledge among the employees
The training program will not require huge investment, and the policy has been developed with reference to that. However, it will help the company to save millions which the company might need to be addressed if security breaches occur due to lack of employee knowledge about the cybersecurity issues.
The training will help the employee of modern InfoTech to identify security issues and techniques to avoid that which will help them to work efficiently and increase the production.
Understanding the threats:Motivations of cybercriminals
There are several motivations for the cybercriminal to perform cybercrime such as (Hayden):
Although the money is the major motivation for the cybercriminals, it is not the only one. The other factors also serve as motivations for the cybercriminals as well.
The money associated with the cybercrimes is worth millions, however depending on the size and strength of the organizations (Anderson et al.). This might be higher or lower but what is important here is that whenever organizational data is breached, the organization in most of the cases is asked to pay a huge amount to get back the data which brings additional cost well. The smaller companies can even go bankrupt due to one data breach (Weber). Hence appropriate knowledge about the issue is not only important but essential as well.
Industrial espionage/trade secrets
It is identified as the theft of business trade secret by the competitive companies for the competitive advantage (Carlos Roca, Juan José García and Juan José de la Vega). According to the Economic Espionage Act, this is not only illegal, it is not ethically permissible and considered a criminal offense as well.
The Hacktivism is considered important and popular internet activism (Ratnasingam). The hackers with the rebellious attitude deploy the computer and computer network aims to promote some social change or some financed political agenda
When a nation through cybercrimes tries to bring damage to another nation, it is termed as cyberwar (Jordan and Paul Taylor). In this age of technology, cyberwar is becoming more popular than the traditional war. It might also be regarded as the virtual war between two nations.
When hackers have a more notorious purpose to hack officials or government agencies, the motivation for the crime is much higher than just the financial gain. Sometimes hackers also demand full control over the entire organization or the government through the exploitation of the cybersecurity framework (Armstrong, Helen L. and Patrick J. Forde). It is termed as the “bragging rights” in the cybercrime context.
5. Costs of cleaning up after a breach
According to the Ponemon Institute data breach report in 2018, the average cost of the data breach has increased in the past few years. However, according to the report, the Costs of cleaning up after a breach will still depend on the nature of the crime (“Ponemon.org”). The report has been prepared with the responses of the responses of 2,182 interviews from 254 companies in seven countries—Australia, France, Germany, Italy, Japan, United Kingdom and the United States.
According to the report, in the case of the organized crime, the average cost ranges from $65 million to $100 million. However, this cost will still depend on the organization infrastructure and existing strategy for addressing the cybercrime.
The report specifies that as an entire nation is involved in the cybercrime and the target is also a nation, this type of cybercrimes will require the highest cost than the other crimes. The Nation-States cybercrime involves various organizations, government as well as industries both small and large ones and the individuals of the nation too. The average cost according to the report is approx. $57 billion to $109 billion.
This type of crimes according to the report will also require major investment for cleaning up after a breach as more than one hacking gang will be involved. The average cost is likely to be $210 million to $425 million.
The major motivation of the Hacktivist is to bring social change or promote some political agenda (Klein). The cost might not be a major factor here. However, it will still require investment from the organizations if the cybercrime occurs. The cost according to the report will depend on the nature of the organization though. The report specifies that the recent cybercrime has caused NASA $500,000. Another cybercrime by the Hacktivist has caused PayPal £3.5m.
The cyber war is another form of cybercrime that also involves two nations, organizations or as per the choice of the cyber criminals who are involved in the virtual war (Clarke and Robert). If one nation is successful in the cyber war against other nation, it will cost a huge amount of money to the other nation. The average cost of a cyberwar, according to the report is $600 billion for large companies, for small organizations it is around $200 million.
Anderson, Ross, et al. "Measuring the cost of cybercrime." The economics of information security and privacy. Springer, Berlin, Heidelberg, 2013. 265-300.
Armstrong, Helen L., and Patrick J. Forde. "Internet anonymity practices in computer crime." Information management & computer security 11.5 (2015): 209-215.
Carlos Roca, Juan, Juan José García, and Juan José de la Vega. "The importance of perceived trust, security and privacy in online trading systems." Information Management & Computer Security 17.2 (2017): 96-113.
Clarke, Richard Alan, and Robert K. Knake. Cyber war. Tantor Media, Incorporated, 2014.
Hayden, Lance. IT security metrics: A practical framework for measuring security & protecting data. McGraw-Hill Education Group, 2017.
Jordan, Tim, and Paul Taylor. Hacktivism and cyberwars: Rebels with a cause?. Routledge, 2017.
Klein, Adam G. "Vigilante media: unveiling Anonymous and the hacktivist persona in the global press." Communication Monographs 82.3 (2015): 379-401.
McCrohan, Kevin F., Kathryn Engel, and James W. Harvey. "Influence of awareness and training on cyber security." Journal of internet Commerce 9.1 (2014): 23-41.
Ponemon Study Shows The Cost Of A Data Breach Continues To Increase - News And Press Releases. Ponemon.Org, 2018, https://www.ponemon.org/news-2/23. Accessed 13 Oct 2018.
Ratnasingam, Pauline. "The importance of technology trust in web services security." Information Management & Computer Security 10.5 (2015): 255-260.
Shaw, Ruey Shiang, et al. "The impact of information richness on information security awareness training effectiveness." Computers & Education 52.1 (2015): 92-100.
Weber, Rolf H. "Internet of Things–New security and privacy challenges." Computer law & security review 26.1 (2016): 23-30.
This problem has been solved.
Cite This work.
To export a reference to this article please select a referencing stye below.
Urgent Homework (2022) . Retrive from https://www.urgenthomework.com/sample-homework/dcu152-cyber-security-awareness-free-samples-to-students
"." Urgent Homework ,2022, https://www.urgenthomework.com/sample-homework/dcu152-cyber-security-awareness-free-samples-to-students
Urgent Homework (2022) . Available from: https://www.urgenthomework.com/sample-homework/dcu152-cyber-security-awareness-free-samples-to-students
Urgent Homework . ''(Urgent Homework ,2022) https://www.urgenthomework.com/sample-homework/dcu152-cyber-security-awareness-free-samples-to-students accessed 29/09/2022.