Answer

Security Education, Training, and Awareness (SETA) Strategy for the Company

Introduction

This presentation discusses the company’s Security Education Training Awareness (SETA) strategy

Areas covered are:

Description of SETA framework

• Benefits of SETA implementation and negative effects of not having it
• Security education for the company, outside sources and cost
• Security training for the company, outside sources and cost
• Security awareness for the company and low cost components
• Prototype for one of security awareness components selected
• Description of the SETA Framework
• SETA; security education, training, awareness.
• SETA developed for addressing and implementing information security training and techniques (Whiteman, 2015)
• SETA targets all users within the organization with specific programs for their technical expertise level and jobs
• Education component; teaches organizational members about the company’s preparations and responses

  – Enables organizational members to acquire insight on processes

   – Ensures constant improvement of employees

• Description of the SETA Framework (Continuation)
• Training component; educate organizational members how they should respond or react when facing threats (Whiteman & Mattord, 2008)
• Provides in-depth knowledge concerning the detection of threats
• Provides in-depth knowledge concerning the teaching of skills required for effective response
• Awareness component; educate organizational members on what security constitutes and actions they should embrace in particular situations (Whiteman & Mattord, 2008)

–  Offers basic information concerning responses and threats

• Table Showing the SETA Framework
• Benefits of SETA Implementation and Negative Effects of not Having It
• Benefits of SETA Implementation are (Height, 2015):
• Broader base of skilled personnel in which the organization can tap
• Support of information security efforts by organizational employees
• Protection of the firm’s critical assets
• Safeguarding the company from known threats and discovering hidden threats
• Enhances the company’s effectiveness in risk management
• Benefits of SETA Implementation and Negative Effects of not Having It: Negative Effects
• Negative Effects of not having SETA program are (Height, 2005):
• Inability of the company to protect itself from threats or identify hidden threats
• Enormous damages to company’s critical assets when threats occur
• Incurring enormous costs arising from the damages caused by a threat or threats
• Approach for Security Education for the Company
• Establishment of attribute, level, objective, teaching method, test measure, and time frame
• Attribute; “Why” organizational employees should be educated on threats associated with :

-Malicious code or virus, fire, burst water pipe, Voice of Internet Protocol (VoIP) Telephone system failure, fire, power failure, and Internet Service provider (ISP) Failure.

• Level: Insight on threats
• Objective: Enhancing employees understanding of threats or events
• Teaching method: theoretical instruction
• Test Measure: Essay
• Impact Timeframe: Long-term
• Cost: Approximately 300,000, 150,000, and 90, 000 for large, mid-sized, and small enterprises respectively (Whiteman, 2015)
• Approach for Security Training for the Company
• Establishing attribute, level, objective, teaching method, test measure, and time frame
• Attribute: “How” organizational employees can identify and address the aforementioned threats or events
• Level: Knowledge about threats or events
• Objective: equip employees with skills needed to identify and address the aforementioned events or threats
• Teaching method: Practical instruction
• Test measure: problem solving
• Impact timeframe: intermediate
• Cost: 290,033 for larger enterprises, 120, 000 for mid enterprises, and 60,000 for small enterprises (Infosecurity, 2018; Whiteman, 2015)
• Security Awareness for the Company and Low Cost Components
• Establishing attribute, level, objective, teaching method, test measure, and time frame
• Attribute: “What” organizational employees can identify and address the aforementioned threats or events
• Level: Information about threats or events
• Objective: enable employees to recognize the aforementioned threats or events
• Teaching method: media
• Test measure: False/True and multiple choice questions
• Impact timeframe: short-term
• Low cost components: $1000 for entrepreneur, $2000 for mid-enterprise, and $5000 for enterprise per year (TrustNet, 2017).
• Costs can be reduced by training employees to train others, outsourcing the process, and seeking services of a cloud company.
• Prototype for One of Security Awareness Components Selected (Malicious Code or Virus)
• Attribute: What organizational employees can identify and address malicious code or virus
• Level: knowledge about identification of, response to and recovery from malicious code or virus
• Objective: Equip employees with skills needed to identify, respond to, and recover from malicious code or virus
• Teaching method: posters, newsletters, and videos on virus attacks
• Test measure: problem solving on issues associated with malicious code or virus
• Impact timeframe: Intermediate
• Conclusion
• The SETA program aims at enhancing security by establishing detailed knowledge
• This goal is accomplished by establishing knowledge and skills
• Implementing the SETA programs presents several benefits to organizations
• SETA’s absence can result into negative effects such as damage to critical assets and incurring of enormous cost, and inability to safeguard against threats
• The company’s management should consider embracing a SETA program proposed in this presentation