Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
NEEDSASSESSMENTCYCLE
Stephanie Pickering
Cur/528
November 9, 2015
Marshal Dupas
2
NEEDSASSESSMENTCYCLE
Security is becoming one of the most important issues and sometimes a problem for end
users. From social media to emails in the workplace security is quickly becoming the number one
priority for most organizations, institutions, such as colleges and universities ("Homeland Security
", 2015). Every workplace needs training for both new and current employees as technology
changes quickly making end users more vulnerable to hackers who what to take users identities
and use the information for personal gain. Training employees is imperative for everyone in the
workplace to keep the Internet safe and secure for everyone. Employers do not need to wait until
something happens, training needs are ongoing and can make employees aware of how to
IdentifyTrainingfortheNeedsAssessment
Themoretechnologyadvances,themoreemployeesneedtolearnhowtoimplementand
usetechnologywisely.The"GuideStar"(2005)website,beforecreatingatrainingprogram,itis
importantforacompanytoevaluate,research,gatheringinformationtofindoutwhattheneeds
are.Whenusingtechnologycompanieswanttokeeptheiremployeesanduserssafefrom
outsidersattemptingtostealinformation,whetherthroughsocialmediaoruserdevices.User
behaviorcanhaveasignificantimpactontheUniversitysecurityandenvironment.Humanerror
hasattributedtodatabreachesbyaccidentlydisclosinginformationorlosingadevicethat
containsvitalinformation("FederalCommunicationsCommission",2015).
Organizationsneedtolistentoemployeeswhomayhaveconcernsaboutwhattheyneed
todotheirjobbetterandkeeptheirinformationsafe.Dependingonthreatstheremightbeaneed
totrainemployeessoonerthanlater,soeachpersonknowswhattoexpectandhowtohandle
certainsecuresituationswiththerightinformation.Organizationsneedtoknowtheirlegal
3
NEEDSASSESSMENTCYCLE
obligationstokeepemployeesinformationsafe.Bytalkingwithemployees,theuniversitycan
determinetheneedsforfuturetrainingforsecuringthecampuscommunityfromoutsidethreats.
IdentifythePurpose,LevelofAssessment,Stakeholders,BudgetandAvailableResources,
andTimeAllottedforAssessment
Thepurposeoftrainingistoaddressquicklytheeverchangingdatasecuritythreat
environmentandtoreinforcetheuniversitiesculture(SecurityStandardsCouncil,2014).The
proposedcontinuedtrainingistohelpemployeesunderstandtheimportanceofsecuring
organizationalaswellaspersonalinformationfromoutsiderswhenusingmobiledevices,surfing
theInternet,orclickingalinkinone'semail.Securityhasbecomeextremelyimportantoverthe
yearsastechnologycontinuestogrow,andhackersarefindingwaystofindvulnerabilitiesin
cyberspace.Theobjectistoidentifysecurityexposuresandkeepingemployeesawareofthreats.
Thegoalistomakeitdifficultforhackerstobreachsecurity(Steward,2011).Withtechnology
growingsorapidly,trainingintheareaoftechnologywillalsochange.Theintendedaudienceis
thestakeholders.
Thestakeholdersareanyoneintheorganizationthatneedstoimplementsecurity
awareness.Everyonewhoworksattheuniversityneedscontinuoustraininginthisarea.
However,therecanbeindividualizedtrainingforeachunitdefiningtheresponsibilityfor
specializedroles.Theimportanceofneedsassessmentintheareaofsecurityfortechnologyis
veryimportant.Stakeholdersneedtoknowtheprogressoftheneedsassessmentsosecuritycan
beconductedcorrectlymakingeffectivechangesfortheuniversitywhereneeded.More
importantismanagementstakeholderswhoneedtocommunicateandunderstandthedamage
andpenaltiesiffailingtosafeguardtheuniversity.Managementneedstounderstandsecurity
4
NEEDSASSESSMENTCYCLE
requirementsandhowtoreinforcethem.Managementneedsalsotounderstandtherisksto
Universityinformation.
Withanyneedsassessment,abudgetcomesintoplay.Asofrecentmoreemployeeshave
beenhiredtoassesstheneedstoprotectsecurityoncampus.Whenhiringandusingnew
resourcestokeepsecuritysafethiscanbecostly.Also,withsecuritytimeisoftheessence.
Hackersarenotonourscheduleandcanbreachthesystemanytime.Timeisveryimportantto
keepthecampuscommunitysafefromvulnerabilities.Thetimeallottedforthisnewassessment
couldbeupwardsofthreemonthswhilestilltryingtoprotectoursecurity.
IdentifytheSpecificInformationNeededtoMeasuretheNeedsAssessment
Theuniversitycurrentlyhasasecurityteaminplacetoconducttheneedsassessment
howeverwithtechnologytheanalysisisongoingtokeepupwiththethreatscomingin.The
focusshouldbeonthethreatsthataredeemedthemostapplicable.Ascircumstanceschangeso
doesthethreatstothecampuscommunity.Theassessmentmustcontinuetobeupdatedtomake
suretheneedsforsecurityareconsistentwiththeneedsofthetimeasthreatscontinuetochange.
Constantmonitoringthroughawareness,metrics,trainingcontentandcommunicationgives
feedbacktothesecurityteamtomeasureneedsassessments.Thecurrentsecurityteamwill
continuetorunscanswiththehelpofHomelandSecuritylookinginsidethehouseandlettingthe
teamknowofpossibleincomingvulnerabilities.
5
NEEDSASSESSMENTCYCLE
MethodologyDesign
Measuringtheprogrameffectivenesscanbedonebyassessingandevaluatingemployee
knowledge,continuouseducationthroughdifferenttrainingprograms,reinforcewithgoto
6
NEEDSASSESSMENTCYCLE
resourcesforemployeesforbestpractices,measuretheuniversitiesstrengthsandweaknesses
andisflexibleenoughtoadapttochange(Scambray,20062015).Planforfuturetraining.
Determinewhetherinformationalreadyexists
Theuniversityhasanexistingtrainingprograminplace,butwouldliketomeasurethe
effectivenessofthetraining.ThecurrenttrainingprogramwehaveiscalledSecuringthe
Human.Usersquicklyforgetwhattheyhavelearnedwhencompletingthemodulestraining
program.Thetrainingisongoingandmoremodulesareaddedeachtime.Theuniversityis
alwayslookingfornewwaystotraintheemployees,sotheyretainwhattheyhavelearnedand
applytheknowledgetoeverydaylifeoncampus.Withongoingthreats,theuniversityisopento
newideastoimplementtokeepsensitivedatafromleavingthecampusenvironment
(Wolff,2015).Itisimportantthattrainingprogramsareoftenreviewedbytheuniversityandthe
securityteam.Bydoingso,theuniversitycanstayabreastofwhatisworkingtoprotectthe
universityandwhatisnotworking.Havingastrongsecurityteamthroughouttheuniversity
ensuresbettermeasurementsaretakentoprotectallinformationcominginandgoingoutofthe
campuscommunity.Byreassessingtheexistingprogram,theuniversitycanmakechangesto
improvehowthestakeholderslearnhowtoprotectcriticalinformation.
Conclusion
Securing critical infrastructure from cyber-attacks is important and begins with a plan of
action. Security is more important now than ever as technology continues to change. Making
employees aware of the risks and including them in making the campus community safe is an
important part of the universities success. Planning and implementing continuous training will
ensure everyone on campus will know what to look out for and help protect the campus
community environment from outside attacks. The university spends much time in planning,
7
NEEDSASSESSMENTCYCLE
researching, securely implementing a strategic plan that protects the campus community from
attackers and vulnerabilities. Threats continuously change meaning that the university and the
security team must be willing to be flexible and adapt to new threats. Knowing the steps to take
References
https://www.fcc.gov/.../cyberplanningguide
https://www.guidestar.org/Articles.aspx?path=/rxa/news/articles/2005/importance-of-
evaluation.aspx
HomelandSecurity.(2015).Retrievedfromhttp://www.dhs.gov/stopthinkconnectcampaign
Blog
Scambray,J.(20062015).Whatisthepropermethodologyforsecuritysite
assessments?.Retrievedfromhttp://searchitchannel.techtarget.com/feature/Whatisthe
propermethodologyforsecuritysiteassessments
SecurityStandardsCouncil.(2014).PCI.Retrievedfrom
https://www.pcisecuritystandards.org/documents/PCI_DSS_V1.0_Best_Practices_for_Im
plementing_Security_Awareness_Program.pdf
8
NEEDSASSESSMENTCYCLE
Steward,J.M.(2011).GlobalKnowledge.Retrievedfrom
http://www.globalknowledge.be/content/files/documents/386696/386829
Wolff,J.(2015).TheAtlanticMonthlyGroup.Retrievedfrom
http://www.theatlantic.com/technology/archive/2015/10/cancampusnetworkseverbe
secure/409813/