IT 241: Final Project Document
Overview
The final project for this course is the creation of a presentation in which you will pitch a security awareness program to the executive team of a company. The presentation should include both the human element and the organizational side of operations. You will highlight the differences between intentional and unintentional threats posed by human beings and the organizational factors that impact the level of human error within an enterprise.
The purpose of the final project is for you to apply your knowledge about the human aspects of information security to a real-world scenario. People who work in the field of information technology are asked to provide information to executives so that informed decisions can be made about protecting the company from security threats. Information security training is of utmost importance in every company enterprise. While technologies such as antivirus software and encryption can offer some protection against cybercrime, security breaches are most often the result of human error and carelessness. One of the best ways to prevent employees from making costly errors with information security is to institute company-wide security-awareness training. It will be your job to design a presentation to gain buy-in from the executives in order to obtain approval for creating a security awareness program for the business, as well as raise overall awareness about how human factors can impact the security posture of any organization.
In this project, you will demonstrate the following course outcomes:
- Analyze unintentional human errors and malicious behavior for their impact on the security posture of an organization
- Illustrate potential predisposed and counterintuitive behaviors that affect organizational security postures based on appropriate models of human behavior
- Analyze organizational factors for potential risks from human error that impact the security posture of an organization
- Justify to enterprise stakeholders the importance of a security awareness program for fostering healthy security cultures
Prompt
Provide justification as to the importance of instituting an information security awareness program. You are not being asked to write the actual program, only to “sell” the idea to your audience. You will need to describe human behaviors that pose risks to organizations, why humans demonstrate these behaviors, and how a security awareness program could address some of the organizational factors that lead to human error, which in turn negatively impacts the security posture of an organization.
Specifically, the following critical elements must be addressed:
I. Introduction: Why is it important for a company to foster awareness of and mitigate against human factors in information security?
II. Unintentional Human Error
- Human/Cognitive Factors: What are some examples of human/cognitive factors that influence unintentional human error? How do these factors impact the security posture of the organization?
- Psychosocial/Sociocultural Factors: What are some examples of psychosocial/sociocultural factors that influence unintentional human error? How do these factors impact the security posture of the organization?
- What potential predisposed and counterintuitive behaviors are examples of unintentional human error?
- How can a company use this information to harden its security posture?
III. Malicious Human Behavior
- Human/Cognitive Factors: What are some examples of human/cognitive factors that influence malicious human behavior? How do these factors impact the security posture of the organization?
- Psychosocial/Sociocultural Factors: What are some examples of psychosocial/sociocultural factors that influence malicious human behavior? How do these factors impact the security posture of the organization?
- What potential predisposed and counterintuitive behaviors are examples of malicious human behavior?
- How can a company use this information to harden its security posture?
IV. Organizational Factors
- How can data flow factors affect the company’s security posture? Provide examples to support your claims.
- How can work setting factors affect the company’s security posture? Provide examples to support your claims.
- How can work planning and control factors affect the company’s security posture? Provide examples to support your claims.
- How can employee readiness factors affect the company’s security posture? Provide examples to support your claims.
V. Conclusion
- What is a healthy security culture? Why is it important for a company to have a healthy security culture?
- How can security awareness training programs promote healthy security culture in companies? How can these programs address the needs of various stakeholders?
- How can security awareness training for enterprise stakeholders mitigate against unintentional human error that negatively impacts security cultures? What kinds of training or remediation strategies could be used in addressing unintentional behaviors?
- How can security awareness training for enterprise stakeholders mitigate against malicious human behavior? What kinds of training or remediation strategies could be used in addressing malicious behaviors?
- How can security awareness training for enterprise stakeholders mitigate against organizational factors that negatively impact security cultures? What kinds of training or remediation strategies could be used in addressing organizational factors?
Final Project Submission: Security Awareness Program Presentation
In Module Seven, you will submit your final project. It should be a complete, polished artifact containing all of the critical elements of the final product. It should reflect the incorporation of feedback gained throughout the course. This submission will be graded with the Final Product Rubric.
Final Product Rubric
Guidelines for Submission: The final project must be submitted as a presentation in PowerPoint, Prezi, or a similar program. It must use audio and/or slide commenting features. Sources should be cited in APA format.
Critical Elements | Exemplary (100%) | Proficient (85%) | Needs Improvement (55%) | Not Evident (0%) | Value |
Introduction | Meets “Proficient” criteria, and explanation is exceptionally clear and contextualized | Explains why it is important for a company to foster awareness of and mitigate against human factors in information security | Explains why it is important for a company to foster awareness related to human factors but does not address the importance of mitigating against these factors, or the explanation lacks detail or is not accurate | Does not explain why it is important for a company to foster awareness of and mitigate against human factors in information security | 5 |
Unintentional Human Error: Human/Cognitive Factors | Meets “Proficient” criteria and uses examples that are well informed and contextualized | Evaluates human/cognitive factors that influence unintentional human errors with regard to how these factors impact the security posture of the organization | Evaluates human/cognitive factors that influence unintentional human errors but does not connect the human errors to the impact they have on the security posture of companies | Does not evaluate unintentional human/cognitive factors that influence unintentional human errors | 5 |
Unintentional Human Error: Psychosocial/ Sociocultural Factors | Meets “Proficient” criteria, and explanation is exceptionally clear and contextualized | Evaluates psychosocial/sociocultural factors that influence unintentional human error with regard to how these factors impact the security posture of the organization | Evaluates psychosocial/sociocultural factors that influence unintentional human errors but does not connect the human errors to the impact they have on the security posture of companies | Does not evaluate psychosocial/sociocultural factors that influence unintentional human error | 5 |
Unintentional Human Error: Predisposed and Counterintuitive Behaviors | Meets “Proficient” criteria and provides relevant real-world examples to support claims | Determines potential predisposed and counterintuitive behaviors as they relate to unintentional human errors by using appropriate models of human behavior | Determines potential predisposed and counterintuitive behaviors as they relate to unintentional human errors but does not use the appropriate model of human behavior, or the behaviors described are not related to unintentional error | Does not determine potential predisposed and counterintuitive behaviors | 5 |
Unintentional Human Error: Security Posture | Meets “Proficient” criteria, and examples provided are well informed and contextualized | Explains how companies can use information from human behavior models to harden organizational security postures | Explains how companies can use human behavior models but does not relate them to hardening organizational security postures or is not accurate | Does not explain how information from behavior models can be used | 5 |
Malicious Human Behavior: Human/Cognitive Factors | Meets “Proficient” criteria, and description is exceptionally clear and contextualized | Describes human/cognitive factors that influence malicious human behavior with regard to how these factors impact the security posture of the organization | Describes human/cognitive factors that influence malicious human behavior but does not connect how these factors impact the security posture of the organization or the information provided is not accurate | Does not describe human/cognitive factors that influence malicious human behavior | 5 |
Malicious Human Behavior: Psychosocial/ Sociocultural | Meets “Proficient” criteria, and description is exceptionally clear and contextualized | Describes psychosocial/sociocultural factors that influence malicious human behavior with regard to how these factors impact the security posture of the organization | Describes psychosocial/sociocultural factors that influence malicious human behavior but does not connect how these factors impact the security posture of the organization, or the information provided is not correct | Does not describe psychosocial/sociocultural factors that influence malicious human behavior | 5 |
Malicious Human Behavior: Predisposed and Counterintuitive Behaviors | Meets “Proficient” criteria and provides real-world examples to support claims | Determines potential predisposed and counterintuitive behaviors as they relate to malicious human behavior by using appropriate models of human behavior | Determines potential predisposed and counterintuitive behaviors as they relate to malicious human behavior but does not use the appropriate model of human behavior, or the behaviors described are not related to malicious human behavior | Does not describe potential predisposed and counterintuitive behaviors | 5 |
Malicious Human Behavior: Security Posture | Meets “Proficient” criteria, and examples provided are well informed and contextualized | Explains how companies can use information from human behavior models to harden organizational security postures | Explains how companies can use human behavior models but does not connect their use to hardening organizational security postures or is not accurate | Does not explain how information from behavior models can be used | 5 |
Organizational Factors: Data Flow | Meets “Proficient” criteria and provides real-world examples to support claims | Describes data flow factors that influence the level of human error in companies and how these factors impact the company’s security posture | Describes data flow factors that influence the level of human error in companies or how data flow factors impact the company’s security posture, but not both, or the information provided is inaccurate | Does not describe data flow factors that influence the level of human error in companies | 6 |
Organizational Factors: Work Setting | Meets “Proficient” criteria, and the description is well informed and realistic | Describes physical work setting factors that influence the level of human errors in companies and how these factors can impact the company’s security posture | Describes physical work setting factors that influence the level of human errors in companies or how these factors impact the company’s security posture, but not both, or the information provided is incorrect | Does not describe physical work setting factors that influence the level of human errors in companies | 6 |
Organizational Factors: Work Planning and Control | Meets “Proficient” criteria, and the description is well informed and realistic | Describes work planning and control factors that influence the level of human errors in companies and how these factors can affect the company’s security posture | Describes work planning and control factors that influence the level of human errors in companies or describes how these factors affect the company’s security posture, but not both | Does not describe work planning and control factors that influence the level of human errors in companies | 6 |
Organizational Factors: Employee Readiness | Meets “Proficient” criteria, and the description is well informed and realistic | Describes employee readiness factors that influence the level of human error in companies and how these factors can affect the company’s security posture | Describes employee readiness factors that influence the level of human error in companies or how these factors affect the company’s security posture, but not both, or the information provided is incorrect | Does not describe employee readiness factors that influence the level of human error in companies | 6 |
Conclusion: Security Culture | Meets “Proficient” criteria, and the explanation is based on relevant research | Comprehensively explains a healthy security culture and the importance of having a healthy security culture within a company | Explains a healthy security culture or explains the importance of having a healthy security culture within a company, but not both, or the information provided is incorrect | Does not explain a healthy security culture | 5 |
Conclusion: Awareness Training | Meets “Proficient” criteria, and description is exceptionally clear and contextualized | Explains how a security awareness training program promotes a healthy security culture in companies and addresses various stakeholder needs related to information security | Explains how a security awareness training program promotes a healthy security culture in companies but does not address various stakeholder needs, or the information provided is not accurate | Does not explain how a security awareness training program promotes a healthy security culture in companies | 5 |
Conclusion: Addressing Unintentional Behaviors | Meets “Proficient” criteria, and description is exceptionally clear and contextualized | Explains how security awareness training for enterprise stakeholders mitigates against unintentional human error, including details about the kinds of training or remediation strategies that could be used in addressing those behaviors | Explains how security awareness training for enterprise stakeholders mitigates against unintentional human error but does not include details about the kinds of training or remediation strategies that could be used in addressing those behaviors, or the information provided is not accurate | Does not explain how security awareness training for enterprise stakeholders mitigates against unintentional human error | 5 |
Conclusion: Addressing Malicious Behaviors | Meets “Proficient” criteria, and description is exceptionally clear and contextualized | Explains how security awareness training for enterprise stakeholders mitigates against malicious human behavior and the kinds of training or remediation strategies that could be used to address malicious behaviors | Explains how security awareness training for enterprise stakeholders mitigates against malicious human behavior but does not include the kinds of training or remediation strategies that could be used to address malicious behaviors, or the information provided is not accurate | Does not explain how security awareness training for enterprise stakeholders mitigates against malicious human behavior and the kinds of training or remediation strategies that could be used to address malicious behaviors | 5 |
Conclusion: Addressing Organizational Factors | Meets “Proficient” criteria, and description is exceptionally clear and contextualized | Explains how security awareness training for enterprise stakeholders mitigates against organizational factors that negatively impact security cultures and includes details related to the kinds of training or remediation strategies that could be used in addressing organizational factors | Explains how security awareness training for enterprise stakeholders mitigates against organizational factors that negatively impact security cultures but does not include details related to the kinds of training or remediation strategies that could be used, or the information provided is not accurate | Does not explain how security awareness training for enterprise stakeholders mitigates against organizational factors that negatively impact security cultures | 5 |
Articulation of Response | Submission is free of errors related to citations, grammar, spelling, syntax, and organization and is presented in a professional and easy to read format | Submission has no major errors related to citations, grammar, spelling, syntax, or organization | Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas | Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent understanding of ideas | 6 |
Earned Total | 100% |
