Consider your case study from the previous week. Now, we have learned additional information by interviewing the intern. We have learned that the intern had missed the last two security awareness training sessions: The intern perceived this training as having a low priority compared to their other responsibilities, and thought that there would be no new or relevant information relative to their role in the organization.

For your initial post, select one of the following and respond to it:

• What changes could be made that would help build a more security-aware culture within the security organization? Justify your response.
• What tactics or strategies could you employ to help shift people’s perspectives from reactive to proactive when it comes to security? Justify your response.

In your responses to your peers, address the following:

1. What would you do differently?
2. What additional recommendations would you have for the solution they provided?
3.  
4. initial post a couple of paragraphs. responses a paragraph each

 

Security Training Discussion Responses

Response I

Hi Sholes-Pinder. Besides making leaders understand that security is mandatory, it is also critical to inform them of typical consequences and threats of non-compliance. They must comprehend various identifiers of "real" occurrences and the influence of different actions on best practices. Therefore, leaders must refrain from looking down upon employees and understand their role and potential vulnerabilities in the network. In a nutshell, I would still inform leaders that security is mandatory, but I'd also emphasize the consequences of ignorance and non-compliance. Further, I'd also recommend leaders introduce new hires to existing security practices to equip them for current and future roles. They must also empower old employees to demonstrate operations and protocols to their new colleagues to ease the learning process and nurture proper transition.   

Response II

            Hi Levasseur. I also responded to both prompts and agree they are not mutually exclusive. Creating a security-aware culture can be pretty daunting, especially for new employees who could lack the urgency or drive to learn. Therefore, organizations must revise training programs annually to make them more exciting and refreshing for new and old trainees (Khando et al., 2021). For instance, I'd encourage top managers to be actively engaged in the training programs to demonstrate the long-term benefits of security awareness for the company and career development. The approach would complement your personalization ideology by encouraging managers to connect with trainees emotionally to make the process persuasive. Overall, the system will build a security-awareness culture and make employees more proactive.

Security Training Discussion

Proposed Changes

            The first step I would undertake in building a knowledgeable culture is making training mandatory. Last week's case study indicated that employees must enhance their cybersecurity awareness and the subsequent risks of ignorance or unawareness. Most importantly, new interns and employees should be introduced to the training program right after completing the orientation process. The approach gives an incentive for most individuals who lack self-drive or the innate awareness of the benefits of training. New employees should be rewarded for completing the comprehensive training sessions, exposing them to the industry's realities.

Proposed Strategies

            Instilling a proactive perception on people requires immense exposure to the imminent risks facing every user. The approach clarifies the position and importance of users in a network and could lay a proper foundation for best practices. One could pinpoint a users’ negative actions and illustrate the numerous collective and individual consequences. Moreover, updating security measures and protocols strengthens network structures and minimizes risks of personal exposure. From the scenario, introducing new hires to the existing security practices would shift their mentality and prepare them for future careers. Senior colleagues must play a significant role in the strategy by demonstrating how the firm undertakes routine processes. Notably, employees must also comprehend vital reactive measures that can be incorporated when proactive actions prove futile. Finally, the company must undertake regular training for existing and new employees to communicate approved security practices and their purpose (Ve?as et al., 2021). The programs must also be revised continuously to creating stimulating experiences and enhance learning.