Security Plan and Training Program

Security Plan and Training Program Assignment 2020

1 Executive Summary

In this particular report, the various different electronic, human and physical holdings which could be facing risks as a result of the snags in an establishment’s securities would be analysed.

The organisation comprises of a total of 1000 staffs working under its roof which is located in a separated, multi – storied building of a central business district in a highly advanced city.

After having properly analysed the possible threats and the risks, we would be determining the actual as well as the potential threats which are likely to surface and cause hard to the electronic, human as well as the physical holdings of the establishment.

After the threats and the risks have been analysed, they would assist in the formulation of a security plan in covering the various different counter – steps which could or should be undertaken in managing the electronic, human and the physical threats and safeguard the establishments from risks in the future.

Then on, on the basis of the findings, we would have to come up with an effective and efficient “information security education and awareness programme” which would be aimed at educating the contractors, the staff as well as the management regarding the various aspects of security (Kebbel-Wyen, 2016),.

2 Introduction

A security plan leads to the creation of guidelines for ensuring an organisation’s safety from various sorts of threats and risks that might come about as a consequence of the evolving technologies as well as the needs of the businesses around the world.

The essentiality of the downloading and the publishing to the appropriate external entities and must be communicated in an effective manner to the workers as well.

The aspect of security is highly complex and it constitutes several different aspects out of the existing factors there also are a few other aspects that are required to be present at all times in order to make sure that a certain organisation or establishment is safe at all times.

The other aspects could be integrated at a later time as and when the necessity arises. All of these factors come together for the formulation of a security plan which is foolproof for any given establishment.

For ensuring that a particular security plan is effective and efficient, it is highly important that the plan is implemented at the inter – organisational, organisational as well as the individual levels.

An effective security plan comprises of the policies which safeguard all the various different business assets which include the electronic, human or the physical assets.

Security planning has been seen to be either non – existent or either heavily lacking in seriousness and depth in many of the organisations today.

They issue is often ignored and the need for an effective security system is often realised only after a company has incurred a heavy loss owing to a breach in the security.

2.1 Need for Security Plan

For protecting the most important organisational resources, it is highly essential that an establishment takes care of the national as well as the state security measures and this makes security planning a very important consideration.

Security planning is also required for the safety and health of the public as well as for the economic growth and prosperity. It is also needed such that everyone can ensure his or her smooth livelihood.

3 Security Plan

3.1 Risk Analysis

Described below are the various holdings of the establishment which could be at risk:

3.1.1 Physical Holdings

The assets of a business establishment are, in general, referred to as the physical holdings which are always at a constant risk. Hence, it is the responsibility of the contractors, the consultants as well as the employees to safeguard the non – tangible as well as the tangible assets of that establishment. Damages might include risks to the office building from accidental fire or earthquakes, to other electronic gadgets such as the vending machines, the air conditioners, printers, desktops, laptops among others (Alexander, 2008).

3.1.2 Human Holdings

These basically include the contractors, the management as well as the staff who are working or are connected to the establishment. In this particular case, the human holdings are the 1000 human personnel who are working for the organisation throughout the hierarchical structure from the CEO to the peon.

3.1.3 Electronic Holdings

These include all the electronic machineries which the company possesses along with all the intangible data. A lot of the establishments are attempting to go paperless which gives rise to the risk of hackers hacking into the classified sites of the establishment.

3.2 Threat Analysis

3.2.1 Physical Threats

Majorly the physical threats are connected to the natural calamities or the accidents which physically harm an organisation’s properties and hence cause in disruption in an organisation’s usual working conditions.

This might be inclusive of internal and external fire, external and internal flooding, typhoons, tidal waves, earthquakes, volcanic eruptions and earthquake.

If the establishment is situated close to an ocean or a sea then there are greater chances that the establishment would be affected as a result of external or internal flooding or even by the tidal waves.

Physical threats could include accidents, natural disasters or attacks which cause harm to the organisation’s physical holdings. Hence, a security plan becomes very necessary in determining the risks which an establishment might have to face in future (Peek-Asa, 2017).

3.2.2 Electronic Threats

These are also referred to as technical threats as fluctuations or failure in the power supply might essentially result in damages to the electronic components.  The failure in air conditioning, ventilation as well as excessive heating might also be treated as an electronic threat.

If such issues are not taken note of then they might cause significant amount of trouble to the establishment in the future. Several other problems in this regard could also be the failure or the malfunctioning of the CPU which might put an organisation’s electronic database at risk.

Other such threats include failure in communications or telecommunications, nuclear fallouts, gas leaks among others.

4 Security Countermeasures

There are a lot of different aspects that need to be incorporated under an effective security plan for it to be useful and also for countering the various risks. These have been discussed as under:

4.1 Physical Countermeasures

These are the most vital security measures that are undertaken in order to protect an organisation’s physical assets.

The protection of the assets, nonetheless, need to be noted during the stage of recruitment itself and must be monitored effectively when the person is employed under the establishment.

It has to be the duty of the consultants, the contractors and the employees to safeguard the non – tangible as well as the tangible assets of the establishment against all destructions and harms.

In the situations of any suspected or real threat to the assets of the company, an employee must report to their respective manager prior to that turning into a larger security threat.

An establishment could safeguard the physical assets of the organisation by enhancing the off – site back – ups or the back – ups. The concept of a hot site or a cold site could also be implemented. The establishment must also have a theft prevention mechanism in place.

This could be done by making use of the electronic cards, locks or guards for preventing access to the company’s physical properties (Van, 2017).

4.2 Human Countermeasures

Incident management is what the workers need to understand and must be provided extensive training regarding the management of the incidents. The reaction and the prevention protocols need to be harnessed within the establishment.

The employees need to be effectively trained and those could include teaching them about the natural disasters which occur in a way that they could be well – prepared prior to counter such happenings.

The employees must also have the skill of handling sexual attacks or personal injuries. The establishment must take them out on field trips or conduct workshops and give them the required amount of knowledge regarding land – mines among others.

The management as well as the employees need to be taught reaction protocols such as psychological and medical emergency situations. They also need to be trained in fire safety with the help of safety drills or mock drills (Wilson & Hash, 2003).

Also, during the human counter – measures, the families of the employees and the employees themselves might be subjected to threats and hence they must be adequately insured and trained well in the self – defence mechanisms.

4.3 Electronic Countermeasures

Since a majority of the sensitive information, the planning schemes and strategies of establishments are stored in an electronic format by the businesses, electronic theft have become a common form of theft these days.

Hence, it has turned very much essential for business establishments to direction efforts towards electronic countermeasures.

If an establishment is inadequate in keeping its content password protected, then sanitising of the data becomes imperative meaning that the information must be entirely erased with the help of appropriate techniques of disposal.

In order to sanitise data, simply deleting or erasing the content is not enough but the information will have to be over – written ample number of times in order to dispose it off effectively.

5 Training

The policies and the measures which will be prepared by the establishment will have to be tested repeatedly with the help of mock dills and this would assist the workers in understanding how the physical assets must be safeguarded and how the calamities and the natural disasters must be countered.

The employees should, furthermore, be taken out on land – mine trainings as well as on field trainings and this would help them in effectively gauging the potential risks involved (Basham and Rosado, 2005).

For ensuring that the workers are well acquainted with the information security processes and policies, they must be trained effectively regarding the processes and security requirements which are specific to their jobs.

They should also be taught about the proper use of the IT systems.

Moreover, the contractors and the employees could be taught newer security steps once every single year.

This would help them in inculcating the best defence techniques as well. The aspect of internal attack risks must also have to be assessed by carrying out employees’ background check.

6 Security Policy

An efficient security system needs to be built by framing a security infrastructure policy.

A security plan must be one in which the programme and the policies protect not just the organisational assets but also the environment surrounding the establishment, the community as well as the employees.

It must be developed in a way such that all the chances of security breaches are either diminished or completely removed. The participation of the employees must also be given due attention.

An effective security infrastructure must be built by the creation of an effective policy of security infrastructure and those include account management policy and security training policy (Thomas et al, 2012).

Provided below is a security plan with the required countermeasures of managing and addressing the threats:

  • Coming up with an authorisation, identification and authentication policy would assist in providing a restricted access to a handful of the people who are authenticated only with by identity verification. The workers could be provided electronic key cards for accessing the data or for entering the office.
  • The policies for the protection of data would provide greater security particularly to the data which is sensitive and for this reason the system based mechanisms could be recommended for protecting the data.
  • The policies for physical access such as providing access to the areas which are restricted to a handful of few people in the upper management as well as providing proper identification cards would assist in securing and upholding the organisation’s security as well as the classified information.
  • The Incident Response Policy would teach the employees in managing all sorts of difficult circumstances that might arise while maintaining composure.

7 Conclusion

Therefore, by effectively utilising the information security plan that has been mentioned above and also by effectively training and spreading awareness among the workers, the establishment would be able to avoid a lot of the risks and the dangers. The department of technology must also keep up with the developing establishment and must also utilise the security plan across all levels of the establishment.

References

Alexander, G., Cromwell, P., Dotson, P. (2008), Crime and incivilities in libraries: situational crime prevention strategies for thwarting biblio-bandits and problem patrons, Security Journal, Vol.21(3), pp. 147-158.

Basham, M., Rosado, AL. (2005), A Qualitative Analysis of Computer Security Education and Training in the United States: An Implementation Plan for St. Petersburg College, Journal of Security Education, Vol.1(2-3), pp. 81-116.

Kebbel-Wyen, J. (2016), 4 Steps to successful security training, Risk Management, Vol. 63(8), p. 14(2).

Peek-Asa, C., Casteel, C., Rugala, E., Holbrook, C., Bixler, D., Ramirez, M. (2017), The threat management assessment and response model: A conceptual plan for threat management and training, Security Journal, Vol.30(3), pp. 940-950.

Thomas, W.S., Babb, D., Spillan, J.E. (2012), The Impact of a Focus on Change in Technology in Successful Implementation of SAP Enterprise Resource Planning Systems in North and South America, Journal of Management Policy and Practice, Vol.13(5), pp. 19-34.

Van, A.A. (2017), How to develop a vital program project plan, Information Management, Vol.51(6), pp. 33-36.

Wilson, M., Hash, J. (2003), Building an Information Technology Security Awareness and Training Program, viewed on 25th September, 2019, retrieved from https://www.crowell.com/files/nist-800-50.pdf

Leave a Comment