Reference no: EM131258953
Weaknesses of a Security Awareness Program
A security plan is only as strong as the awareness program that introduces and illuminates it to the employees of an organization. In order to develop strong SAPs, you must develop a broad understanding of techniques and best practices for their design and implementation. With this understanding comes the ability to evaluate existing programs and identify weaknesses in those programs.
For this Discussion, you will analyze the weaknesses of the security awareness program implemented for the fictional company Advanced Topologies, Inc.
The details of Advanced Topologies and some of the security issues they have already faced are described in the case study of your textbook.
Consider the following scenario:
You have been hired as a security awareness consultant at Advanced Topologies. Part of your job is to take a close look at the company's existing security awareness program and analyze any weaknesses in the program.
Advanced Topologies has provided you with a document that outlines this existing program. It includes the following summarized list of the activities that have been put in place:
Mandatory New Hire Orientation-a presentation from the IT department that includes password usage and management, the spam abatement program, and appropriate web usage.
Brown Bag Seminar-Starting 3 months ago, the IT department has been holding an optional seminar once a month to provide employees with information on various security topics. Past talks include information on how to handle unknown e-mail attachments, laptop security while traveling, and how to secure personal home computers.
Yearly Security Meeting for Top Executives only-Once a year, the IT department goes over the security breaches that have occurred over the past year and describes any precautions that have been put in place to help prevent them. In the past, there have been a few phishing attempts, but nothing else of significance has been reported.
What weaknesses can you see in Advanced Topologies' program? What improvements would you recommend?
Post a 350- to 500-word analysis of the existing security awareness program at Advanced Topologies. Include in your analysis an explanation of at least two weaknesses you see in the existing program. In addition, describe improvements to the SAP that you would propose to help eliminate these weaknesses.