The Security Training Module Section, Research Paper Example

Security Training Module

This Security Training Module will incorporate a number of aspects of the security management plan. The module will define all the roles of different personnel incorporated in the security management plan. The unit will also address a number of courses as well as workshops that are necessary in enhancing the security management plan when adopted by the employees. A matrix representing the organization’s training needs will be incorporated to offer a clear analysis of the training dynamics in the corporation in this module.

A training module is a document prepared to sensitize as well as raise awareness concerning an aspect the management of an organization considers being beneficial to be influenced through mobilization. In this instance, EM’s Bakery Limited found it necessary to mobilize its employees on the issue of system security; the company obtains its sales and revenue data on computer systems across different remote areas (Scambray, Shema, & Sima, 2006).

Roles list

System administrator- the system administrator is responsible for all the fixing as well as protection of the network. Moreover, they should be responsible for developing the IP scheme of a new network extension. It is pertinent to note that they should prepare regular reports on the performance of the system. Another responsibility is receiving reports on anomalies of the network.

System developer- this is the person tasked with modification as well as implementation of the different network scheme. They should document the development process of a software or system to be used in the organization. They should develop and integrate virtual firewalls and implement other security measures across the organization’s network.

Administration personnel- they are responsible of verifying the sales revenue report and have an access to the organizations databases.

Personnel working at the point of sales- report changes on order details to their supervisor as well as input sales details.

Clerical supervisors- report any anomalies in the system as well as implement changes in the sales and order databases.

Clerical- the responsibility of the clerical officers is to report any anomalies to the system administrator as noticed in their line of duty. They also input sales and revenue data into the system.

List of courses and workshops

1. Securing networks with PIX and ASA
2. Basics of network security.
3. Information Security awareness
4. Fundamentals of system security
5. Electronic security
6. Digital forensics
7. System risk management

The cross-reference matrix provides a clear visual representation of the different training needs of EM’s Bakery Limited. It is pertinent to note that the organization should match its training needs with the courses and workshops available to employees. There are a number of factors to be put into perspective which include the rank of the employee and the devices they interact with before a course is selected for them (Purser, 2004).

Network security and training needs

The operations of EM’s Bakery Limited form the basis for establishing the training needs of the organization at both the head office and the remote sales sites.

1. Operating system security
2. Web applications security
3. Web server as well as web application server security
4. Security against network vulnerability and scanning tools
5. Fundamental information of network attacks to all the employees using the system.
6. Intranet security
7. Understanding the responsibilities across the network on information security
8. Detection of system attacks and other digital crimes
9. Collection and preservation of information and evidence concerning digital crimes
10. Prevention of digital crimes
11. Investigation techniques for digital crimes.

These training needs in the organization are necessary because the computer system should be flexible enough to serve the organization on remote locations; it should be secure enough to safeguard the critical information in the system databases. The interdependency of computer systems across different networks is the cause of security challenges in computer systems (Brooks, & Prowse, 2008).

The vulnerabilities and criminal attacks on a computer system can be reduced trough effective training of staff. Information assurance and security fundamentals form the first step of ensuring a secure network. Through the capability maturity and model integration, it is possible to identify which individual qualifies for which course or workshop. The significance of training whilst enhancing the security level in the organization’s computer systems is also identified. The distinct levels of maturity are instrumental in the management as well as optimal utilization of resources (Stallings, 2000).

References

Brooks, C. J., & Prowse, D. L. (2008). CompTIA A+: exams A+ essentials (220-601), 220-602, 220-603, 220-604. Indianapolis, Ind.?: Que Pub..

Purser, S. (2004). A practical guide to managing information security. Boston, MA: Artech House.

Scambray, J., Shema, M., & Sima, C. (2006). Hacking exposed: Web applications (2nd ed.). New York: McGraw-Hill.

Stallings, W. (2000). Network security essentials: applications and standards. Upper Saddle River, NJ: Prentice Hall.