CCCS 452 Security Program Architecture And Engineering
Answer:
Introduction:
ABC Pvt Ltd has been operating locally and providing services to its customers. The
organization is entrepreneurial with 5 HR, 10 admins and 20 engineers. The paper briefly
discusses the development of an Email and Malware Awareness and Training Program for
the organization to minimize the risks and provide security to public data.
Risk Assessment:
Email is one of the central modes of communication in the organization. Thus, criminals
are finding new ways to breach the security of the company by using malicious emails. The
use of email might lead to delivery of malware through spam. Emails are often a gateway
to phishing, leading to theft of credentials (Miranda, 2018). Emails with malware can lead to
unidentified control, facilitating unethical access to confidential information about
employees and admins, and can disrupt the Engineering department's access to resources
(Cuchta et al., 2019). Email spoofing enables criminals or malicious programs to falsify
sender information. These problems can be mitigated by using a secure and robust mail
server and client with proper authentication and periodic security testing. The risks from
emails can be vastly reduced by implementing an email and malware awareness and
training program.
Outline Awareness And Training Program:
The Email and Malware Awareness and Training Program (EMATP) held at ABC Pvt Ltd will
help the employees gain a deeper understanding of the impact of security breaches
and malware attacks through email communication (Sharma & Bashir, 2020). The online
awareness training comprises step-by-step procedures, starting with a basic test about
emails and their uses and importance to determine the staff's preliminary knowledge. The
staff are trained using online lessons and courses that help in understanding the ways to
mitigate email threats. The importance of reporting and following up on malicious mails is
taught (Hwang et al., 2021). Games and random tests are organized to evaluate the results of
learning from online classes. The staff are made familiar with the best practices, rules and
protocols for secure email communication, reducing job stress and increasing resilience
(McCormac et al., 2018). Certifications are handed out at the end to certify the staff's
levels of understanding of the importance of protection from harmful emails and
malware for the benefit of the organization.
Training Module:
| Activities | Target Audience | HR | ADMIN | Engineering |
|---|---|---|---|---|
| Initial Basic test | Yes | email security | email management and administration | email security and malware protection |
| Online training | 90% participation | Secure HR from specific threats | user authentication, information protection, ransomware | implementation of procedures for email and malware security |
| Games | 100% participation | Simple phishing simulation | Spam awareness and network protection games | Platform to create their own email security procedures |
| Random tests | 95% participation | email security | user authentication | email security implementation |
| Certification | 100% participation | certificate for HR | certificate for Admin | certificate for Engineering |
Challenges:
The program had to reach all the HR, Admin and Engineering staff of ABC Pvt Ltd, but there
were a few challenges that it had to overcome. The program uses the latest and
most valuable information about cybersecurity awareness and trains the employees to
deal with the current threats and attack techniques, as most cybersecurity content gets
outdated fast (Aldawood & Skinner, 2019). Every employee needed to participate, so all
activities are carried out online at quick intervals, which keeps the program from being
burdensome for the employees and makes program administration easier. The inclusion of
games made the procedure fun to learn and harder to forget (Scholefield & Shepherd, 2019).
The program was designed to generate the staff's interest in learning about email protection,
as most corporate communication is done through emails. The program is tailored to
teach the employees and generate a culture that recognizes the need for security in emails.
Policy And Guidelines:
The policies and guidelines for EMATP in ABC Pvt Ltd help in the successful execution of the
steps of the program and provide constant guidance on awareness of email and malware
protection. The policy states that all the members of the organization have to attend the
program at their time of convenience. The training will be provided both online and offline,
just like the games and tests conducted. The records from the test will be distributed
individually along with the certificate of level of understanding of email security (Santos,
2018). The policy requires the program to be technologically updated and
to use the learning from the latest security breaches and malicious attacks (Hu, Peng & Wang,
2018). The policy focuses on the best practices for email security (Ponsard &
Grandclaudon, 2019). The certificates are provided by a third-party organization, which gives
the company a different view of the results and analysis. Thus, the policies and guidelines
make the program rigid and important to be implemented in the organization (Hwang et al.,
2021).
Evaluation:
EMATP in ABC Pvt Ltd provides training for the staff to develop a deeper understanding
of the necessity of protection from malicious emails. With the latest technological
advancements in cyber-attacks through emails, it is necessary for the organization to educate
employees by conducting this program (Aldawood & Skinner, 2018). The program consists of
a basic test at the beginning followed by online classes on email security and malware
prevention. Random games and tests are organized to determine the results, which are
certified according to the staff's level of understanding of the topics taught. The
EMATP provides awareness of the necessary information on the latest breaches and ways to
mitigate the risks of emails.
Conclusion:
EMATP is used by ABC Pvt Ltd to develop a deeper sense of understanding about malware and
the security of emails. The paper describes the risks of emails and malware, and the
program comes as a solution to those risks. The program is conducted in the form of online
classes and evaluated using games and random tests. Certifications are provided at the end
to determine the degree of understanding of the topic. The training module of the
project is shown in the paper, followed by the challenges of implementing EMATP in the
firm. Lastly, the paper includes the policies and guidelines of EMATP and the complete
evaluation of the program.
References:
Aldawood, H., & Skinner, G. (2018, December). Educating and raising awareness on cyber
security social engineering: A literature review. In 2018 IEEE International Conference on
Teaching, Assessment, and Learning for Engineering (TALE) (pp. 62-68). IEEE.
https://doi.org/10.1109/TALE.2018.8615162
Aldawood, H., & Skinner, G. (2019, May). Challenges of implementing training and
awareness programs targeting cyber security social engineering. In 2019 Cybersecurity and
Cyberforensics Conference (CCC) (pp. 111-117). IEEE.
https://doi.org/10.1109/CCC.2019.00004
Cuchta, T., Blackwood, B., Devine, T. R., Niichel, R. J., Daniels, K. M., Lutjens, C. H., ... &
Stephenson, R. J. (2019, September). Human Risk Factors in Cybersecurity. In Proceedings
of the 20th Annual SIG Conference on Information Technology Education (pp. 87-92).
https://doi.org/10.1145/3349266.3351407
Hu, H., Peng, P., & Wang, G. (2018, September). Towards understanding the adoption of
anti-spoofing protocols in email systems. In 2018 IEEE Cybersecurity Development (SecDev)
(pp. 94-101). IEEE. https://doi.org/10.1109/SecDev.2018.00020
Hwang, I., Wakefield, R., Kim, S., & Kim, T. (2021). Security awareness: The first step in
information security compliance behavior. Journal of Computer Information Systems, 61(4),
345-356. https://doi.org/10.1080/08874417.2019.1650676
McCormac, A., Calic, D., Parsons, K., Butavicius, M., Pattinson, M., & Lillie, M. (2018). The
effect of resilience and job stress on information security awareness. Information &
Computer Security. https://doi.org/10.1108/ICS-03-2018-0032
Miranda, M. J. (2018). Enhancing cybersecurity awareness training: A comprehensive
phishing exercise approach. International Management Review, 14(2), 5-10. Retrieved
from: https://www.imrjournal.org/uploads/1/4/2/8/14286482/imr-v14n2art1.pdf,
Accessed on: 13-01-2022.
Ponsard, C., & Grandclaudon, J. (2019, February). Guidelines and tool support for building a
cybersecurity awareness program for smes. In International Conference on Information
Systems Security and Privacy (pp. 335-357). Springer, Cham.
https://doi.org/10.1007/978-3-030-49443-8_16
Scholefield, S., & Shepherd, L. A. (2019, July). Gamification techniques for raising cyber
security awareness. In International Conference on Human-Computer Interaction
(pp. 191-203). Springer, Cham. https://doi.org/10.1007/978-3-030-22351-9_13
Sharma, T., & Bashir, M. (2020, July). An analysis of phishing emails and how the human
vulnerabilities are exploited. In International Conference on Applied Human Factors and
Ergonomics (pp. 49-55). Springer, Cham. https://doi.org/10.1007/978-3-030-52581-1_7
Santos, O. (2018). Developing cybersecurity programs and policies. Pearson IT Certification.
Retrieved from:
https://books.google.co.in/books?hl=en&lr=&id=zgNkDwAAQBAJ&oi=fnd&pg=PT22&dq=Developing++Cybersecurity++Programs+and++Policies&ots=A6YoyFXFIo&sig=Z3s-qOAcQwfg7NPm6kIKrso5N38&redir_esc=y#v=onepage&q=Developing%20%20Cybersecurity%20%20Programs%20and%20%20Policies&f=false,
Accessed on: 13-01-2022.