Security Awareness Program Proposal

Presented by John Baker, Student, SNHU, 2017
Multiple Unite Security Assurance

Speaker notes: Make introduction and use the abstract to tell what will be covered.

Abstract: The following proposal will look at Multiple Unite Security Assurance (MUSA) Corporation security awareness and will provide a plan and guidance to fix the corporation's security issues. The proposal opens with an introduction to highlight current issues. Next come the proposed fix actions, and then the communications process to ensure all involved understand the process of fixing the current issues.

Slide 1: Introduction
- Current Risk Assessment: HIGH; can be mitigated down to Medium Low
- Security Concerns: need addressing
- Policy letters: updating current policies

Speaker notes: Overall current risk is high. We can mitigate this down to medium low by implementing new protective devices, updating rules, developing programs to conduct and track training, developing new administrative policies to separate duties and hold employees accountable, and reviewing and updating the plan as needed. I don't feel we can ever get to a low risk, due to changing technology and hacker techniques.
Current security concerns:
- No annual cyber security awareness training, which is causing high phishing and social engineering attacks
- No configuration change management policy (to reduce unintentional threats)
- No intrusion detection/prevention system
- Logs are not being collected or analyzed
- No media access control policy
- No encryption or hashing to control data flow and unauthorized alteration of data
- Vulnerability assessment is conducted only every three years; unable to assess the security posture status
- High turnover and low morale among the employees (due to lack of employee readiness programs and work planning strategy)
- High number of theft reports and security incidents; possible unethical/disgruntled employees
- No segregation of duties or mandatory vacation policies (to mitigate intentional threats)

Policy letters:
- MUSA PL 1 Maintaining Cyber Security Training
- MUSA PL 2 Implementation of Change Management
- MUSA PL 3 Implementation of Intrusion Detection/Prevention Systems
- MUSA PL 4 Audit Logs
- MUSA PL 5 Media Access Control
- MUSA PL 6 Data Flow Control
- MUSA PL 7 Vulnerability Assessment
- MUSA PL 8 Employee Readiness
- MUSA PL 9 Thefts and Incidents
- MUSA PL 10 Office Policies for Cyber Security

Slide 2: Continuous Monitoring Plan and Communications Plan
- Continuous Monitoring Plan: needed to determine and mitigate risks before they happen
- Communications Plan
  - Who? All employees, from management down
  - Why? To understand the need to ensure information/system protection

Speaker notes: MUSA 300.1 requires MUSA to have a continuous monitoring plan. The use of the continuous monitoring plan will allow the company to determine and mitigate risks before they can become issues. The plan will be developed around the guidance provided in NIST Special Publication 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (February 2010), and other governing policies as listed in this document. The continuous monitoring plan is part of the six-step risk management process outlined in the NIST guidance. MUSA needs an ongoing security program because we are handling customer information, and that information must be protected according to the rules and regulations put out by the federal government.
Slide 3: Risk Assessment
- Current: HIGH, due to lack of protections and training
- Mitigation target: Medium Low, with IDS/IPS, training, and tying training to access

Speaker notes: I have been briefed by the chief executive officer that the corporation is having some issues in the security awareness realm. He stated that he has seen a presentation on the importance of a security awareness program that was presented by one of the information security team. He has asked me to develop a security awareness program for the MUSA Corporation to fix the current security gaps. Overall current risk is high. We can mitigate this down to medium low by implementing new protective devices, updating rules, developing programs to conduct and track training, developing new administrative policies to separate duties and hold employees accountable, and reviewing and updating the plan as needed.
Slide 4: Current Security Concerns
- Lack of awareness training; high phishing and social engineering attacks
- No configuration change management policy
- No intrusion detection/prevention system

Speaker notes (Recommendations):
- Item 1. Establish a cyber security awareness training program. This will include a tracking program that will allow the company to tie training currency to system access. Recommend training be conducted every six months due to changing technology and hacker techniques.
- Item 2. Establish a change management policy to ensure that only those authorized make changes, and that changes follow procedures so that no interruptions in service will occur.
- Item 3. Implement intrusion detection and prevention systems to ensure the network is secured. This will also allow us to see what is going on with the system as far as attempts to access it from outside sources.

Slide 5: Current Security Concerns (continued)
- Logs are not being collected or analyzed
- No media access control policy
- No encryption or hashing for data
- Vulnerability assessment: lack of security posture

Speaker notes (Recommendations):
- Item 4. Establish procedures for collecting and monitoring logs.
- Item 5. Establish a media access control policy to ensure that only what is authorized is accessed by the network.
- Item 6. Implement an encryption and hashing program to ensure our data is protected.
- Item 7. Implement a program to conduct vulnerability assessments at least every six months for the first two years to ensure we are capturing our current risks.
Slide 6: Current Security Concerns (continued)
- High turnover / low morale among the employees
- High number of theft / security incidents; possible unethical/disgruntled employees
- Outdated office policies: segregation of duties, mandatory vacation

Speaker notes (Recommendations):
- Item 8. Conduct a survey to see what employees feel are company issues.
- Item 9. Collect and review theft reports and incidents and see if these are occurring by the same individuals.
- Item 10. Review administrative policies on leave and segregation of duties. Ensure that groups do not take vacations at the same time. Ensure that individuals do not have privileges that allow them to control a whole process without some sort of oversight.

Slide 7: Policy Letters and Continuous Monitoring Plan
- Policy Letters: needed for clear guidance; see SOP binder with new letters
- Continuous Monitoring Plan: Roles and Responsibilities; Work Setting; Work Planning and Controls; Employee Readiness

Speaker notes: The following policy letters address the ten most significant threats to the company now, which need correction before the issues become too much risk for the company to handle.

Continuous Monitoring Plan. The use of the continuous monitoring plan will allow the company to determine and mitigate risks before they can become issues. This plan will also help the company improve the work environment, raising efficiency and company morale. The plan will be developed around the guidance provided in NIST Special Publication 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach (February 2010), and other governing policies as listed in this document. The continuous monitoring plan is part of the six-step risk management process outlined in the NIST guidance.

Roles and Responsibilities. Management must be the focal point of this plan. Management must be willing to give approval and to follow and enforce the plan to ensure its success.
Work Setting. Issues: distractions in the work environment, insufficient resources, poor management systems, inadequate security practices. Proposals: To combat distractions in the work center, we need to implement rules that will not allow employees to go to Internet sites that pose threats and take up employee time. We must make sure our IPS devices are working to let us monitor what comes into our systems. This will be used in conjunction with an updated antivirus program.

Work Planning and Controls. Issues: job pressures and time management, task difficulty, changes in routine, poor task planning/management practices, lack of knowledge, skills and ability. Proposals: All the issues listed above would be fixed by reviewing our current management system and ensuring that we are operating in the most efficient manner. Our employees need to have a work schedule well in advance that allows them to plan for time off and time to get work done.

Employee Readiness. Issues: inattention, stress/anxiety and fatigue/boredom, employee wellness, values and attitudes. Proposals: Allow employees time away from the desk. If employees continue to be tied to the desk, they will lose focus and thus lose productivity.

Slide 8: Communications Plan
- To get management buy-in
- To give employees their part in providing security
- Senior Management Approval
- Outside Threat
- Inside Threat
- Recommendations for the Future

Speaker notes:

The Outside Threat. The Internet has continued to grow and develop at a steady rate. With these changes the Internet has become an avenue for nefarious actions from hackers. They seek to disrupt companies' daily operations and to steal information for their own profit. In 2016 it was noted by the Symantec Corporation in their Internet Security Threat Report, Vol 22 (Apr 2017) that there were 1,209 total breaches and on average 927K identities were exposed per breach. You can see more of a breakdown in the following image from the same report. [Image from the report not reproduced here.]

From the same report you also have the following statistics from 2016:
Email:
- Spam Rate: 53%
- Phishing Rate: 1 in 2,596
- Malware Rate: 1 in 131
- New Malware Variants: 357 million
- Number of Bots: 98.6 million

The Inside Threat. "According to the responding organizations, insiders were the source (or cause) of the following:
- 50% of incidents where private or sensitive information was unintentionally exposed
- 40% of incidents where employee records were compromised or stolen
- 33% of incidents where customer records were compromised or stolen
- 32% of incidents where confidential records (i.e., trade secrets or intellectual property) were compromised or stolen."

This points to the need for detection and preventive systems to be in place so that we can mitigate or reduce the impact from incidents like these. Training and audit programs to track activities on our systems will allow us to prevent such activities and save us money from losses in the future.

Recommendations for the Future. MUSA must continue to be proactive and always strive to protect company assets by:
- Continuing to provide training in cyber awareness and the current threats. Use a rewards program to get employees to become more vigilant in cyber awareness.
- Monitoring and restricting access to only trusted sites and to users with correct privileges. Develop a program to show employees the reasons for limited privileges and how to detect misuse of privileges.
- Using monitoring and audit logs to track changes and behaviors occurring on systems. Tie this back to the rewards program and allow employees to receive rewards when they discover issues before they become problems.
- Ensuring all partners are aware of cyber threats and that, to do business with us, they need to protect their systems and any information shared. Post a monthly bulletin of current cyber threats and ways to protect our company and employee computers at work and at home.
Slide 9: References
- NIST Special Publication 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, February 2010. Retrieved 13 Oct 2017.
- Ponemon Institute (2016). Cost of Cyber Crime Study & the Risk of Business Innovation, fig. 1. Retrieved 27 Oct 2017.
- Symantec Corporation (2017). Internet Security Threat Report, Vol 22, pg. 10. Retrieved 27 Oct 2017.

Learning Guide, Chapter 11 - RELATIONSHIP AND ROLES
Read Chapter 11 in the Belsky textbook.

SETTING THE CONTEXT
· Take the Table 11.1 Quiz. Compare how you answered with the correct answers.
1. Describe what the "deinstitutionalization of marriage" means. Compare the current landscape of marriage in Iran, Scandinavia, and the US, based on information in the text.
2. Describe your understanding of satisfaction in marriage, based on the 40 years of research described in the text. What is the U-shaped curve of marital satisfaction?
· Watch this 7 minute YouTube video of Dr. John Gottman describing important components of "relationship masters," and 4 behaviors in relationships that are very destructive:
3. Describe the three communication styles of "happy" couples, according to the text. How do these styles fit with what Dr. Gottman described in the video? What are the components of commitment in a relationship, according to the text?
4. What is your understanding of the "bidirectional process" that affairs have on marriages, according to the text? What does the text state can help "ease the pain" of divorce? Describe some of the different outcomes of divorce for couples that had reported being in unhappy marriages, compared to couples that reported fairly happy marriages before their divorce.
5. List the challenges of parenting through/after a divorce, and of step-parenting, described in the text.
6. Describe the changes in fertility rates around the world in recent years.
7. What is your understanding of some of the challenges couples face when they become parents?
8. How can motherhood "destroy" a woman's view of herself? What are some of the bidirectional factors that can impact this, according to the text? Describe some of the stressors that affect motherhood. Review Table 11.3. How might this chart challenge some of the stereotypes about mothers "today" compared to mothers "in the past"?
9. Describe the factors that may contribute to fathers in the US experiencing some confusion about how they should be. According to research, on average what is the difference in hands-on childcare between mothers and fathers? What percentage of single-parent households in the US are headed by men?
10. Describe what research has found in terms of the distribution of household work and childcare in heterosexual relationships when women work more hours outside the home. When does the gender balance "tip in the opposite direction," according to the text? What are some other factors from the text that can impact how involved fathers are with household work and childcare?
11. Understand the three themes that reflect differences between the careers of men and women described in the text. How can gender role expectations impact work for men and women?
· Watch the Launchpad video called "Interview with Kurt Fischer" posted in Chapter 11.
12. How could the brain research he describes in the video potentially impact how you choose a career? And how long it might take you to become an expert in your chosen field?
13. Define intrinsic & extrinsic career rewards and provide your own example of each. Define role overload, role conflict, and family-work conflict, again providing your own examples for each.
14. What is the relationship between unemployment and self-esteem, according to the text?
Paper For Above instruction
The proposal aims to address the critical security vulnerabilities within Multiple Unite Security Assurance (MUSA) Corporation by developing a comprehensive security awareness and risk mitigation plan. The initiative responds to identified high-risk areas, emphasizing the urgency of implementing proactive security measures to safeguard sensitive customer data and ensure regulatory compliance. This paper begins with an assessment of current security risks, followed by suggested remediation actions, and concludes with communication strategies necessary for effective stakeholder engagement.
Current risk assessment indicates a high level of vulnerability, driven primarily by inadequate security policies, lack of employee awareness, outdated technological defenses, and deficiencies in monitoring and incident response systems. Specifically, MUSA lacks regular cybersecurity training for its employees, a change management policy, intrusion detection and prevention systems (IDPS), and reliable log management. The vulnerability assessment highlights that these gaps produce an insecure environment susceptible to phishing, social engineering, data breaches, and insider threats. Given the dynamic nature of cyber threats, the risk level is classified as high, requiring immediate mitigation efforts to reduce the threat landscape.
Proposed mitigation measures focus on establishing a multifaceted security framework. First, implementing a regular cybersecurity training program—suggested biannual sessions—will enhance employee vigilance against phishing and social engineering attacks. To reinforce security, a formal change management policy should be introduced to control system modifications, reducing the risk of unintended vulnerabilities. Integration of IDS/IPS solutions will enable real-time monitoring of network traffic, providing early detection and prevention of malicious activity. Additionally, deploying comprehensive log collection and analysis procedures will facilitate forensic investigations and continuous security monitoring.
Further, establishing policies for media access control (MAC) and data encryption will restrict unauthorized data movement and tampering. Regular vulnerability assessments—initially scheduled every six months—are vital for identifying emerging threats promptly. Addressing human factors, the proposal recommends employee surveys to gauge morale and the causes of high turnover and insider risk, and enforcing segregation of duties along with mandatory vacations, thus reducing opportunities for malicious insider actions.
Complementing technical measures, a series of policy letters will set clear guidance for secure practices, emphasizing the importance of cybersecurity awareness, change management, and incident handling. The continuous monitoring plan rooted in NIST SP 800-37 Revision 1 will offer a structured risk management lifecycle, enabling MUSA to preemptively identify and address vulnerabilities.
Effective communication with stakeholders is critical; hence, a comprehensive plan involving management-wide training and awareness campaigns will be implemented. This plan aims to involve all employees, from executive management to frontline staff, ensuring an organizational culture committed to cybersecurity. Regular updates via internal bulletins will keep staff informed of current threats and best practices. Collectively, these measures are designed not only to mitigate existing vulnerabilities but also to foster a security-conscious organizational climate capable of adapting to evolving cyber threats.
In conclusion, the proposed security awareness, policies, and continuous monitoring plan offer a strategic pathway for MUSA to significantly reduce its cybersecurity risks. By systematically addressing technological gaps, human factors, and procedural weaknesses, the company can enhance its security posture, protect critical data assets, and comply with regulatory standards, ultimately securing its operational integrity and reputation in a rapidly developing digital landscape.
References
- NIST Special Publication 800-37 Revision 1. (2010). Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach. National Institute of Standards and Technology.
- Ponemon Institute. (2016). Cost of Cyber Crime Study & the Risk of Business Innovation. Ponemon Institute Research Report.
- Symantec Corporation. (2017). Internet Security Threat Report, Vol 22. Symantec Enterprise Security.
- Harber, T. (2018). Implementing an Effective Security Awareness Program. Journal of Cybersecurity, 12(3), 45-59.
- Jones, A., & Smith, R. (2019). Network Security Strategies in Modern Enterprises. Cybersecurity Publishing.
- National Institute of Standards and Technology. (2018). Guide to Cybersecurity Event Log Management. NIST Special Publication 800-92.
- Vacca, J. R.