|Due By (Pacific Time)
||11/18/2016 03:00 pm
When executives at organizations make decisions on information security, they often delegate it to members of the information technology staff (i.e., security is an IT issue, they should deal with it). However, technology alone cannot address all information security related issues. Many issues concerning information security are either management related or personnel related.
As organizations improve their technical security, a major gap can remain on the human side: that of helping an organization’s workforce to improve their security awareness and alertness via the delivery of Security Education Training and Awareness (SETA).
For this Discussion, you will investigate several cases where an organization’s focus on technical controls has led to a security incident. You will analyze how organizations provide security training to their staff, you will evaluate how effective these training programs have been, and you will determine the ways organizations attempt to measure the impact of their training programs and what these organizations are doing to improve this training.
submit a 2- to 3-paragraph post that includes the following:
- A description of the cases you investigated involving a security incident, including an analysis of what nontechnical controls would have prevented or detected the incident in each case
- Answers to the following questions:
- How do organizations today deliver their Security Education Training and Awareness (SETA) messages to their staff?
- How effective are these delivery methods? Explain.
- How are organizations measuring this effectiveness, and what are they doing to improve the impact of their SETA campaigns?