Security Awareness Training Plan for MEMATECH Solutions Limited - Case Study Example

Identity Management and Security Awareness Training Plan An effective and well-build identity management and security awareness training plan can be regarded as a decisive approach by an organization towards enhancing security controls, data ownership responsibility, along with maintaining security infrastructure of a particular enterprise. An adequate and strong set of security measures can facilitate to maintain effective control of the enterprise’s internal resources and aid to protect the data system and network from numerous types of disruptions. Therefore, the following discussion demonstrates an effective identity management and security awareness training plan for MEMATECH Solutions Limited (MEMATECH). The proposed training plan for the organization incorporates few major activities with respect to enhancing the security level of the data and information along with protection capability of controlling data system and communication networks of the organization. In this regard, the training plan of the organization is to take effective measurement of the operating system, which can enable the employees of MEMATECH to ensure effective utilization of the organizational resources. The activities associated with securing communication networks, systems and peripherals have also been incorporated within the training program. Moreover, the proposed identity management and security awareness training plan would also suggest a set of effective ways of applying patches and fixes to MEMATECH along with various exercises associated with improving auditing and maintaining security of the overall systems as well as communication networks within the organization. Table of Contents Abstract 2 Training Program for Maintaining Efficiency and Hardening Security of Operating System 4 Securing the Network, Systems, and Peripherals 5 Applying Patches and Fixes 6 Establishing Practical and Timely Alerts 7 Receiving or Discovering Notification of the Patches 7 Testing and Documentation of the Patches 7 Deployment of the Patches 8 Auditing and Maintaining Security 8 Physical Security Plan 9 Monitoring Physical Access 9 Controlling Physical Access 9 Maintenance and Testing of the Physical Security 10 Controlling Physical Access 10 Maintenance and Testing of the Physical Security 10 References 11 Training Program for Maintaining Efficiency and Hardening Security of Operating System Maintaining the efficiency and ensuring effective utilization of the operating system is one of the primary steps for an enterprise to protect data and information. In order to protect data and information along with enhancing the efficiency of the operating system, the training program for MEMATECH would focus on providing adequate learning and protective measures to each employee within the organization. In this regard, the data management and controlling measures associated with the user system would be instructed to deploy security lock, which can ensure to protect data from the external threats. Correspondingly, the training program would ensure to provide adequate instruction to the users towards maintaining proper use of each operating system associated with the operations in MEMATECH. Moreover, the employees of the organization would also be educated to develop user identity for each system along with different other systems associated with the operations of MEMATECH. The deployment of user security within each system used in MEMATECH would enable the organization to protect its various types of confidential data and information. They will also be qualified in terms of effectively using the security screened software for hardening the overall security measures and protecting data and information from both the internal and external threats. In this process, the employees of MEMATECH would be provided adequate training to create own ‘User Accounts’ and to uphold their appropriate security use to protect information. The training plan would also include the process of File System security along with removing of needless services which can further enable the organization to enhance the performance of the operating system and protect confidentiality of each user. The employees of MEMATECH would also be encouraged towards running different essential services with their own user accounts, rather than unprivileged or suspicious accounts. Securing the Network, Systems, and Peripherals Building strong capability of the system and communication networking process is a significant factor for the organizations to streamline communication and enhance transaction capability of each user within a particular intranet domain. In relation to the proposed identity management and security awareness training plan, it is essential to provide adequate knowledge to the employees to improve their skill to troubleshoot various types of network related vulnerabilities. The maintenance plan concerning the installation of advanced network security devices is one of the essential steps for the organization to uphold the security of its vital information. In the context of the training program for MEMATECH, the network related training program would focus on improving the knowledge and capability of the employees to enhance their performance within the organization. Correspondingly, the training activities associated with networking system would highly focus on monitoring performance of the network security devices as per their expected outcomes. In order to increase the capability of the network, the training activities would also focus on educating employees in better alignment of network security devices that are deployed to develop the performance of MEMATECH. Confirming appropriate development of the network security devices installed in MEMATECH would also be instructed, which can further enable the employees to identify possible consequences of the threats within the network. Additionally, the improper or unstructured maintenance plan of the network security devices can generate various types of risks for MEMATECH. As the company deployed network-based security software and hardware along with different intrusion devices, it is essential to ensure that the employees are aware of the functions and performance of the system. Therefore, the training program would facilitate the workforce through providing demonstrative learning activities regarding the intrusion detection devices, firewalls, honey pots, monitoring, and gateway anti-virus to screen for any DOS attack, port scans, virus signature and other attacks, and attempts of security breaches (North American Electric Reliability Corporation, 2008). Applying Patches and Fixes Developing security patches for the operating system and communication networking devices is also a major aspect to maintain continuous transaction of data and information within the organization. In relation to certain observations, it has been recognized that the IT infrastructure of MEMATECH, the hardware and software equipment deployed in the organization are up-to-date with most recent patches and anti-malware signatures that ensure to protect the operating system to face potential vulnerabilities. Moreover, the organization also inevitably deploys patches to IT devices through the effective use of patch management tools. The automated deployment of patches and anti-malware signatures significantly enables the system administrators to update numerous systems within the enterprise from a single console. In this context, it can be ascertained that the training activities regarding the use of patch management tools would focus on educating system administrator(s) has been characterized into few practices (The Government of Hong Kong Special Administrative Region, 2008). Establishing Practical and Timely Alerts The system administrator in this process would be trained to ensure that the patches are well-defined and installed in a timely and more practically manner. As the software vendors are recognized to continuously announce vulnerabilities therefore it is essential to keep a track of and establish timely and practical alerts practice (The Government of Hong Kong Special Administrative Region, 2008). Receiving or Discovering Notification of the Patches In this process, the system administrators of MEMATECH will be ensured to maintain strong relationship with the software vendors to avail the timely alerts of IT vulnerabilities and their possible patches (Liu et al., 2009). Testing and Documentation of the Patches The system administrators of MEMATECH would be trained to ensure that the patches to be installed are tested regarding their compatibilities and effectiveness to the overall IT infrastructure. The process would enable the administrators to critically identify the vulnerabilities, which may have various types of consequences for the IT systems. Besides, documenting process of the patches with respect to their sources and integrity is also important for the administrators to evade potential threats (Mell et al., 2005). Deployment of the Patches In this process, the system administrators will be provided training about the essential technical aspects such as tools and methods to be implemented in the deployment process of the patches. As the patches are designed to be automatically deployed therefore the administrators of MEMATECH would focus on testing and documentation of the patches prior to deploying within the system. With regard to the aforesaid training procedure, the selection, testing and documentation process of patches for the IT system would enable the administrators of MEMATECH to enhance the managing capability and strengthen security awareness of the enterprise (Liu et al., 2009). Auditing and Maintaining Security Auditing the steps associated with the deployment of various technological aspects can be considered as an important practice for the system administrator to enable the enterprise to avert various types of potential vulnerabilities. Therefore, the training activities for auditing and system security measures would focus on aiding the administrators to keep adequate track of the physical security and monitoring process. Physical Security Plan ‘Physical Security Plan’ is determined as one of the pivotal processes which is generally developed to ensure that all the ‘Cyber Assets’ integrated within the electronic security perimeter also exist in an identified electronic perimeter. Moreover, the ‘Physical Security Plan’ tends to identify and control each access point of the ‘Physical Security Perimeter’. The process is also responsible for integrating tools and procedures for reviewing appropriate accession of the users which can further empower the physical security of the ‘Cyber Assets’ (North American Electric Reliability Corporation, 2008). Monitoring Physical Access The continuous monitoring process of the physical access would enable the system administrators to implement various procedural controls over each access point of the ‘Physical Security Perimeter(s)’ (North American Electric Reliability Corporation, 2008). Controlling Physical Access The training process associated with controlling of physical access would enable MEMATECH to document and to execute adequate procedural measures to effectively manage the accession of physical entity within each access point of the security perimeter(s) (North American Electric Reliability Corporation, 2008). Maintenance and Testing of the Physical Security This process would provide adequate support to MEMATECH to execute appropriate maintenance programs of the entire IT infrastructure. The execution of the maintenance or testing of the physical security would also ensure that the access points within the physical security perimeter are performing effectively (North American Electric Reliability Corporation, 2008). Therefore, the training activities associated with maintaining security and auditing process would enable MEMATECH to avert various types of vulnerabilities that might create major threats for the organization. Controlling Physical Access The process would also enable the government agency to document as well as implement adequate procedural measures to effectively manage the accession of physical entity within each access point of the security perimeter(s) (North American Electric Reliability Corporation, 2008). Maintenance and Testing of the Physical Security This process would provide adequate support to the agency to efficiently execute appropriate maintenance programs. The execution of the maintenance or testing of the physical security would also ensure that the access points within the physical security perimeter are performing effectively (North American Electric Reliability Corporation, 2008). References Liu, S., Kuhn, R. & Rossman. H. (2009). Surviving insecure IT: Effective patch management. IEEE Computer Society, 11(2), 49-51. Mell, P., Bergeron, T. & Henning, D. (2005). Creating a patch and vulnerability management program. National Institute of Standards and Technology, 2, 1-75. North American Electric Reliability Corporation. (2008). Cyber Security —Physical security of critical cyber assets. Standard CIP-006-1a, 1-6. The Government of Hong Kong Special Administrative Region. (2008). Patch management. Retrieved from http://www.infosec.gov.hk/english/technical/files/patch.pdf Read More