Tutorial 2 (MIS) - Group 2 of each tutorial group will present their responses.

1. Security awareness training is necessary to teach employees "safe computing" practices. The key to effectiveness, however, is that it changes employee behavior. How can organizations maximize the effectiveness of their security awareness training programs?

- Management needs to clearly demonstrate that it supports employees who follow prescribed security policies.
- The program's implementation must be fully explained to the organization to achieve support for its implementation and commitment of the necessary resources.
- Incentives and rewards: you will be rewarding the majority of people, though, because most people follow the rules.
- Negative reinforcement: put it in as part of the appraisal so that people will be much more careful. A negative reward is better because certain rules you are expected to follow anyway, as they are part of the contract.
- Enforcement of sanctions against employees who willfully violate security policies.
- Effectiveness of training: hands-on, role play, role models (top management must also abide by the rules); give tests; give examples of actual frauds that have occurred so that people can relate to them; have training once every few months.

2. Which preventive, detective, and/or corrective controls would best mitigate the following threats?

a. An employee's laptop was stolen at the airport. The laptop contained personally identifying information about the company's customers that could potentially be used to commit identity theft.

- Preventive: physical access controls, like having a password
- Detective: log analysis to identify evidence of possible attacks
- Corrective: CISO
- Encryption; restrict movement of the laptop (not practical); tracking device on the laptop; don't allow employees to put sensitive things on the laptop
- Employees should be careful: fine them when the laptop gets stolen; train employees to be aware that they should not leave the laptop anywhere
- Corrective: remotely destroy the data; compensation to the customers; inform customers when, for example, credit card details are on the laptop

b. A salesperson successfully logged into the payroll system by guessing the payroll supervisor's password.

- Preventive: authorisation
- Detective: IDS
- Corrective: patch
- Maximum login attempts; stronger password requirements; multiple layers of security, not only a password (biometrics like a fingerprint); requirement to change the password regularly

c.
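As an added illustration of the controls listed for threat (b), not part of the tutorial answers: a maximum-login-attempts lockout (preventive) beside the kind of log analysis an IDS performs to spot password guessing (detective). The log line format, account names, thresholds and lockout period are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Preventive control: maximum login attempts, then a temporary account lockout.
class LoginGuard:
    def __init__(self, max_failed=3, lockout=timedelta(minutes=15)):
        self.max_failed, self.lockout = max_failed, lockout
        self.failed = defaultdict(int)   # account -> consecutive failures
        self.locked_until = {}           # account -> time the lockout expires
    def attempt(self, account, password_ok, now):
        """Return 'locked', 'denied' or 'ok'; a locked account rejects even a correct password."""
        if now < self.locked_until.get(account, now):
            return "locked"
        if password_ok:
            self.failed[account] = 0
            return "ok"
        self.failed[account] += 1
        if self.failed[account] >= self.max_failed:
            self.locked_until[account] = now + self.lockout
            self.failed[account] = 0
            return "locked"
        return "denied"

# Detective control: log analysis flagging accounts with repeated failures in a short window.
LOG_LINE = re.compile(r"^(\S+ \S+) LOGIN_FAIL user=(\w+) src=\S+$")  # assumed log format

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def accounts_under_guessing(log_lines, threshold=3, window=timedelta(minutes=5)):
    times = defaultdict(list)
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m:
            times[m.group(2)].append(parse_ts(m.group(1)))
    flagged = set()
    for account, ts in times.items():
        ts.sort()  # flag if any `threshold` consecutive failures fall inside one window
        if any(ts[i + threshold - 1] - ts[i] <= window for i in range(len(ts) - threshold + 1)):
            flagged.add(account)
    return flagged

SAMPLE_LOG = [  # constructed sample log, not from the tutorial
    "2014-01-15 09:00:01 LOGIN_FAIL user=payroll_sup src=10.0.0.8",
    "2014-01-15 09:00:04 LOGIN_FAIL user=payroll_sup src=10.0.0.8",
    "2014-01-15 09:00:09 LOGIN_FAIL user=payroll_sup src=10.0.0.8",
    "2014-01-15 09:00:12 LOGIN_OK user=payroll_sup src=10.0.0.8",
    "2014-01-15 10:30:00 LOGIN_FAIL user=alice src=10.0.0.21",
]
```

Running `accounts_under_guessing(SAMPLE_LOG)` flags only `payroll_sup`, the account that saw three failures within a few seconds before the successful login; the single failure on `alice` stays below the threshold.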
- Winter '14