NIST Cyber Security Framework
The security awareness model selected is the NIST Cyber Security Framework. Organizations can use the Framework to integrate corporate standards and procedures and so manage business cybersecurity threats. With the help of this security awareness model, cybersecurity concerns can be communicated at all levels of the organization as well as at every location in its supply chain (Sabillon, 2022). The NIST Framework is the best model for awareness because it comprises five functions that help an organization distribute information. Identify, Protect, Detect, Respond, and Recover are the five functions that make up the cybersecurity model. Asset management, the work environment, accountability, vulnerability assessments, and the risk management strategy are all part of Identify. Access control, awareness and training, data security, data security protocols, support, and protective technology are the parts of Protect that play a crucial role in cybersecurity awareness. Anomalies and events, comprehensive security surveillance, and detection processes all play a role in Detect. Planning, communications, evaluation, avoidance, and improvement all fall under Respond. Finally, Recover emphasizes recovery planning, communication, and other elements of the recovery process and its improvement.
As a public service, NIST creates cybersecurity guidelines, best practices, and other tools for the benefit of the public sector, corporations, and businesses in the public interest. Its work ranges from short-term research to long-term research that forecasts technological advancements and future obstacles. Additionally, NIST works to better identify and manage privacy threats, many of which have a direct impact on cybersecurity (Sabillon, 2022). NIST contributes to and focuses on a variety of areas, including encryption, educational and professional development, emerging applications, risk mitigation, access controls, metrics, privacy, robust networks, and trustworthy platforms.
A needs assessment
NIST recommends that personnel receive instructional, awareness-based, and skill-based training to help them better understand the hazards related to organizational activities and take action to prevent security events. The ‘Awareness and Training’ category consists of three distinct requirements. To meet them, it is necessary to educate system administrators and users about cybersecurity risks and processes, and to provide staff with the training they need to fulfill their organizational security responsibilities.
At Advanced Topologies Inc, the training needs for all personnel include social engineering, password security, working remotely, physical security, malware, removable media, safe web browsing, mobile security, and phishing. In addition, security training may help teams better grasp the dangers of installing unlicensed software on shared networks and provide guidance on the types of programs that are appropriate for such installations.
NIST cybersecurity training will also cover the security and privacy protections that information systems and organizations must have in place. NIST recommends training that addresses the specific requirements, standards, and dangers particular to each organization’s field of work. According to NIST’s recommendation for security awareness managers, employees should be educated on the cybersecurity hazards they are most likely to encounter.
Another suggested training need for all personnel is industry-specific and in-depth instruction based on job duties and responsibilities, incorporating all aspects of management, operations, and technical expertise. For example, this training can contain the rules, processes, tools, methodologies, and artifacts for the defined security and privacy responsibilities (Corallo, Lazoi, Lezzi, & Luperto, 2022). Advanced Topologies Inc will use Infosec IQ training to offer an array of training modules and styles for different employee roles. This gives Advanced Topologies Inc the flexibility to train each core security topic while pointing out the most relevant security information for each employee.
The roles and responsibilities
This section outlines the roles and responsibilities of the personnel in a company who are in charge of informing employees about IT security issues. Developing and documenting IT security awareness and training duties for key personnel is a good method to ensure that a program grows and improves (Almuhammadi & Alsaleh, 2017).
It is the responsibility of agency leaders to make sure that employees are well-versed in security issues and receive enough training on how to deal with them. This includes putting in place an effective IT security program that emphasizes employee education and awareness. The leader of the agency should:
Appoint a Chief Information Officer.
Assign responsibility for IT security to a designated role.
Keep an agency-wide information technology security strategy in place, supported by resources and budget, and treat it as a priority.
Maintain adequate staffing levels to protect the agency’s computer systems.
Chief Information Officers (CIOs)
An act of the United States Congress, the Federal Information Security Management Act, gives Chief Information Officers (CIOs) responsibility for overseeing and educating the organization’s key information security professionals to ensure the security of the agency’s IT systems. Working with the agency’s IT security manager, the CIO should:
Develop a comprehensive plan for educating people about IT security.
Ascertain that the agency’s head, top managers, system and data owners, and others are familiar with the program’s principles and strategy and are kept up to date on the progress of its implementation.
Make sure that the agency’s IT security awareness and training program is adequately financed.
Ensure that agency workers with substantial security responsibilities are adequately trained.
Ensure that all users are properly educated on their roles in maintaining system security.
Consider putting in place a tracking and reporting system that is efficient and effective.
Security Program Manager (IT)
The program manager for IT security awareness and training is in charge at the tactical level. This position’s responsibilities include the following:
Make certain that the educational and training materials produced are suitable and accessible to the intended audiences.
Make sure that awareness and training materials are successfully implemented so that they reach the intended audience.
Ensure that users and management can effectively voice their opinions on the quality of the awareness and training materials and their delivery.
Make awareness and training available to everyone, and evaluate and update the materials as appropriate.
Determine how to track and report on the program’s progress.
Work closely with the CIO to manage IT security programs that meet the needs of the organization.
Serve as system and/or data owner, if necessary.
Develop IDPs (individual development plans) for users with major security responsibilities.
Ensure that employees of the IT security program, whether full- or part-time security staff, and those with major security responsibilities are educated and certified in their roles.
Ensure appropriate security training for all users of their systems (i.e., general support systems and significant applications) before granting them access.
Aim to limit the number of mistakes and errors caused by people who are not familiar with, or not trained in, the operation of each system and application.
Users of all kinds, such as workers, contractors, foreign and domestic guest researchers, and others on the agency’s staff, may all require access, as may visitors, guests, and other partners and associates. Users should:
Recognize and abide by the security policies and procedures of the organization.
Be properly educated on the rules of conduct for the systems and applications to which they have access.
Work with management to meet their training needs.
Make sure your software and applications are always up to date with security fixes.
A prioritized list of the training materials by criticality
Creating and managing computer security incident response teams (CSIRTs)
The goal of the Creating and Managing CSIRTs course is to give an overview of what is required to set up and manage a Computer Security Incident Response Team (CSIRT). The intended audience is those responsible for establishing a CSIRT, as well as those who are new to CSIRT concerns and methods (Sabillon, Serra-Ruiz, Cavaller, & Cano, 2017). In this course, participants learn about the advantages and disadvantages of a CSIRT, as well as typical rules and procedures and operational best practices.
The target audience will be Federal and SLTT personnel, and individuals tasked with CSIRT duties.
Cyber Supply Chain Risk management
Cyber supply chain risk management, also known as C-SCRM, is the topic of this course, which explains its importance in today’s society. A supply chain’s security, analysis, supervision, and governance are all addressed in this course.
The audience will be Veterans, SLTT, and Federal personnel.
Vulnerabilities of Internet-accessible systems: Defending Internet-accessible Systems (IMR 204) training on the cyber range
The most important training materials cover mapping the network, finding and fixing vulnerabilities in internet-accessible systems, and dealing with password spraying attacks. Under the guidance of cybersecurity engineers, and using tools and example hygiene assessment reports provided by the host organization, participants will investigate network security issues, identify vulnerabilities, and implement firewall rules.
The audience will be Federal and SLTT personnel.
Sabillon, R., Serra-Ruiz, J., Cavaller, V., & Cano, J. (2017, November). A comprehensive cybersecurity audit model to improve cybersecurity assurance: The cybersecurity audit model (CSAM). In 2017 International Conference on Information Systems and Computer Science (INCISCOS) (pp. 253-259). IEEE.
Almuhammadi, S., & Alsaleh, M. (2017). Information security maturity model for NIST cyber security framework. Computer Science & Information Technology (CS & IT), 7(3), 51-62.
Corallo, A., Lazoi, M., Lezzi, M., & Luperto, A. (2022). Cybersecurity awareness in the context of the Industrial Internet of Things: A systematic literature review. Computers in Industry, 137, 103614.
Sabillon, R. (2022). The Cybersecurity Awareness Training Model (CATRAM). In Research Anthology on Advancements in Cybersecurity Education (pp. 501-520). IGI Global.