It has been said that the single greatest risk to the security of a company is the human element. Hackers often gain access to a company through social engineering techniques and a variety of attacks such as phishing messages designed to have an employee unwittingly giving the malicious actor access. Other times, there are those internal to the company, such as an employee with a grudge against the company or a hidden agenda which can be a threat to technology security.
You are the newly hired information security officer for a small company. Your position is a new position tasked with helping the company made good decisions about IT security. The head of human resources has come to you and asked for help in drafting a plan to develop a program of employee awareness, training and education. In addition, she would like to have recommendations about the policies the company should adopt around the use of IT resources provided by the company.
Do some research on the types of awareness, training and education resources that are used by other companies as well as the types of policies that are often part of the policies around IT usage. Your final report should include a recommendation for the types of programs and policies requested by the head of human resources as well as some examples of existing resources such as training materials or training programs available for use or for purchase.
Be sure to support the examples and the final recommendation with citations from credible academic sources. The report should be at least 3 to 5 pages in length and follow the APA style guidelines and appropriate citations.
