Your medium-sized company has recently expanded funding for the IT department and is adding dedicated specialists to “Risk Assessment” and “Incident Response” teams. You’re helping with the organization of the new structure. What kind of certifications and education are you going to be looking for when assigning existing team members and new hires to these teams? How are you going to describe their jobs to them? Should these teams work together, or be independent of one another? Why? What should be the first projects each should undertake in your opinion, based on this week’s study?
- Examine the implementation issues for IT security policy development. Determine which of these issues are the most challenging for organizations to overcome and explain why.
- Propose at least three control measures that organizations can implement to mitigate the potential issues associated policy development and implementation.
- Develop a list of the key elements that need to be included in a security awareness program. Analyze how security awareness programs differ from security training programs.
- Examine at least four common hindrances to organizations developing effective security awareness programs and security training programs. Propose solutions to these hindrances.