Create a Security Awareness Policy

at
Categories
Tags

Note: A strong security awareness policy is a key component of a strong organizational security posture. The effectiveness of a security awareness training policy and program will directly influence how well employees will value and protect the organization’s security position. When writing a security awareness training policy, consider the following questions:

Is the policy statement as concise and readable as possible? For example, no more than one to three sentences.
Is the entire policy as concise and readable as possible? For example, no more than two to three pages.
Does the policy align well with other governing documents?
Does the policy speak directly to the target audience?
Does the policy state the “why” with only the minimal detail, and rely on standards or guidelines for the “how”? Policies should be written in such a way that they will not need frequent updates.
Does the policy adequately describe scope and responsibilities?
Are the policy’s revision, approval, and distribution documented?

After the policy has been approved, its success relies on proper delivery and understanding. To simply give a new employee 5 minutes to read and sign a policy during orientation is not enough. Focused and interactive “policy understanding” sessions should guarantee every employee understands the policy’s reasoning and necessity. Customizing these sessions according to department or function can drastically increase how much employees retain of and apply the training during their work. Repeat sessions reinforce the policies and keep material fresh in their minds.

1. Review the following scenario for the fictional Bankwise Credit Union:

o The organization is a local credit union that has several branches and locations throughout the region.
o Online banking and use of the internet are the bank’s strengths, given its limited human resources.
o The customer service department is the organization’s most critical business function.
o The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and IT security best practices regarding its employees.
o The organization wants to monitor and control use of the Internet by implementing content filtering.
o The organization wants to eliminate personal use of organization-owned IT assets and systems.
o The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls.
1. The organization wants to implement security awareness training policy mandates for all new hires and existing employees. Policy definitions are to include GLBA and customer privacy data requirements, in
o addition to a mandate for annual security awareness training for all employees.
2. Create a security management policy with defined separation of duties for the Bankwise Credit Union.

Bankwise Credit Union

Security Awareness Training Policy

a) Policy Statement
Define your policy verbiage.

b) Purpose/Objectives
Define the policy’s purpose as well as its objectives.

c) Scope
Define whom this policy covers and its scope. What elements, IT assets, or organization-owned assets are within this policy’s scope?

d) Standards
Does the policy statement point to any hardware, software, or configuration standards? If so, list them here and explain the relationship of this policy to these standards.

e) Procedures
Explain how you intend to implement this policy for the entire organization.

f) Guidelines

Explain any roadblocks or implementation issues that you must overcome in this section and how you will surmount them per defined guidelines. Any disputes or gaps in the definition and separation of duties responsibility may need to be addressed in this section.

Sample Solution

of using it to pre-assign pupils to a specific pathway (Bartlett, J. 2016) After observed practice took place conversations between the author and teachers arose regarding differentiation. Some teachers felt that their students would pick unsuitable worksheets having been given the choice based on 2 things; they would choose something easier that they felt comfortable with and knew they could do, therefore not deepening their understanding or challenging themselves but getting a lot of written work done, or they chose something too challenging in order to brag to their classmates but they wouldn’t understand how to complete the work and then struggle throughout the class, not improving their understanding and getting minimal work done. Bartlett, J (2016) is a known critic of the theory of categorising pupils according to a predetermined ability. He suggests ‘Where differentiation won’t work to best effect is when we categorise pupils according to a predetermined ability and this is one of the concerns when teachers differentiate by using data ineffectively – essentially they categorise pupils according to prior data or target grades and then label them as low-, middle- or high-attaining (which tends to stick). In pre-assigning pupils to a specific classification (effectively pre-planning learning) we potentially apply a glass ceiling to some pupils’ (Bartlett, J.2016). Others will argue alongside this approach and advocate that ‘Once learners become actively engaged in their own learning process, they develop a sense of being in control. This has been shown to improve self- esteem and motivation. A learner’s awareness of learning preference and an understanding of the learning process, as well as metacognitive engagement, can lead to improved learning outcomes’ (Pritchard, A. 2005) Whether some teachers are fearful of pupil choice activities or embrace this, differentiation by task is key in every classroom. To conclude, Bartlett, J (2016) promotes the idea that ‘Classrooms that promote pupil choice and embed routines that demonstrate mutual respect are supportive learning environments for all pupils and differentiation underpins this.’
3- Varying the levels of challenge.
“In most school tasks, we need to already know about 90% of what we are aiming to master in order to enjoy and make the most of the challenge..” (Burns, 2002 in Hattie, 2012) Differentiation by task is achieved by varying the level of challenge posed to pupils of different abilities. This involves modifying the classroom task; the range of intellectual challenge in the tasks set (as set out in, for example, Bloom’s Taxonomy) for example: an abstract or generalised task; simple factual questions; a task with an explicit practical application of relevance to the child’s personal experience; a task requiring empathy with those increasingly different in time, place or experience from themselves; a task requiring pupils to explain or justify their own views or those of others (South Gloucestershire Education Service) Bloom’s taxonomy is a rich source of ideas for making increasing demands on pupils’ cognitive processes and, as such, is useful in designing challenging activities for all pupils..(Bartlett, J.2016) Bloom’s taxonomy can support differentiation in a wide range of teaching activities, from extended independent work, through differing written questions on a shared text or topic, to short-term variations in the levels of challenge provided during interactive whole-class teaching and tasks (Bartlett, J.2016).
A masterful teacher will teach to a student’s Proximal Zone (Nancy,S. 2013) Vygotsky

This question has been answered.

Get Answer
WeCreativez WhatsApp Support
Our customer support team is here to answer your questions. Ask us anything!
👋 Hi, Welcome to Compliant Papers.
Hi, how can I help?