Technical innovation and advancement are the order of the day in the current business environment all over the world. Driven by progress in technology and ever-changing customer demands, businesses now rely on sophisticated and complex software and invest in complex management programs to improve security and service provision. At the same time, the adoption of technology in organizations has introduced new challenges associated with information theft and risk to data. The rate at which organizations are losing confidential data to malicious individuals is alarming to all firms regardless of their size and financial capabilities. These risks can be perpetrated either internally or externally (Layton, 2016). While most of the threats to security are external, internal threats have become the leading threat to information security. This is because people inside the organization are much more familiar with the firm’s infrastructure, so their attacks are more severe. Although most security issues are caused by the malicious activities of the perpetrators, most of these attacks succeed because the organization lacks proper security plans and pays too little attention to the need to secure data. These security lapses significantly affect an organization’s services and its ability to guard the confidentiality of customer data (Tsohou, 2015).
An organization’s security awareness training initiatives make workers less likely to commit errors that can be costly for the security of the organization’s data. The Identity Management and Security Awareness Training Plan is a document designed to provide a comprehensive guideline on operating systems, network security, application fixes and patches, and the auditing procedures that should be followed.
Operating systems and measures for hardening them
The operating system is critical to every organization that has invested in systems for its operations. Because of this importance, training on how to harden the essential OS components is necessary. The organization’s OS needs to be protected from both inside and outside security threats to prevent malicious access to sensitive private information. In an organization that uses computers to render its services, the operating system is the heart: it manages and controls all hardware and other software resources and provides protection for the organization’s data. The importance of the operating system calls for continuous hardening measures as part of the training plan. This entails securing or strengthening servers, computers and the OS itself to assure protection of the organization’s data. It also involves turning off unnecessary services, which contribute to insecurity because they may be exploited by hackers.
Other measures involved in hardening the operating system include installing antivirus, antispyware and firewall software as well as security patches from OS vendors and manufacturers. Another important hardening stage is disabling non-essential applications to secure all servers and individual workstations.
Securing the network, systems, and peripherals
Just like securing the computer peripherals, securing internal systems and the entire network is critical to information security. These areas matter because data interference comes not only from outside sources but also from the inside. Failure to put proper measures in place to protect against pilfering can lead to loss of, or interference with, a firm’s classified data. As organizations advance and allow more devices such as smartphones, laptops, and computers to connect to a single network, the danger to information grows and can be made worse by sniffing and tapping. Furthermore, file sharing among nodes in a network must be secured, since information can be leaked or accessed in the network (Jayasmruthi, 2017).
Training on network and peripheral devices should cover encrypting data with security protocols such as wireless encryption protocol (WEP), using passwords, and defining network policies that effectively guard data from unwanted access. Training should also emphasize ways of controlling access to hardware with security measures such as biometrics, and guarding against malicious content from the internet such as spam and hacking attempts.
Applying patches and fixes
Just like the other security awareness measures, applying patches and fixes is a critical area in security awareness and identity management training. Patches are pieces of software that fix different kinds of issues, including software bugs, viruses and security vulnerabilities in the system. They are also applied to improve usability and performance. Applications and software within the organization should be updated regularly as a way of applying the most recent fixes (Monperrus, 2017). The training plan should focus on setting up automatic updates where the systems provide them, as well as on manually applying fixes to operating systems.
Auditing and maintaining security
Auditing and security maintenance are a critical block in security awareness and identity management. Audit trails, for instance, are vital because they allow changes carried out by every individual in the organization to be recorded and tracked. The training should determine the level of auditing that needs to be carried out (Kolhar, 2017). Beyond this, the training should focus on the network attacks that pose a threat to the information and resources needed for that auditing. Additionally, the security maintenance plan, which has been overlooked, should be taken seriously as a component that determines efficiency. The training in this area concentrates on the optimal levels at which the computer systems in an organization need to run to improve performance and reliability.
References
Jayasmruthi, A. &. (2017). A survival study of security attacks, security mechanisms and security challenges in network security. Advances in Natural and Applied Sciences, 11(5 SI), 58-67.
Kolhar, M. A.-A.-a. (2017). Cloud Data Auditing Techniques with a Focus on Privacy and Security. IEEE Security & Privacy, 15(1), 42-51.
Layton, T. P. (2016). Information Security: Design, implementation, measurement, and compliance. CRC Press.
Monperrus, M. (2017). Automatic software repair: a bibliography. ACM Computing Surveys.
Tsohou, A. K. (2015). Managing the introduction of information security awareness programmes in organizations. European Journal of Information Systems, 24(1), 38-58.