1

NEEDSASSESSMENTCYCLE

Needs Assessment Cycle

Stephanie Pickering

Cur/528

November 9, 2015

Marshal Dupas
 2
NEEDSASSESSMENTCYCLE

Needs Assessment Cycle

Security is becoming one of the most important issues and sometimes a problem for end

users. From social media to emails in the workplace security is quickly becoming the number one

priority for most organizations, institutions, such as colleges and universities ("Homeland Security

", 2015). Every workplace needs training for both new and current employees as technology

changes quickly making end users more vulnerable to hackers who what to take users identities

and use the information for personal gain. Training employees is imperative for everyone in the

workplace to keep the Internet safe and secure for everyone. Employers do not need to wait until

something happens, training needs are ongoing and can make employees aware of how to

safeguard their personal and professional information.

IdentifyTrainingfortheNeedsAssessment

Themoretechnologyadvances,themoreemployeesneedtolearnhowtoimplementand

usetechnologywisely.The"GuideStar"(2005)website,beforecreatingatrainingprogram,itis

importantforacompanytoevaluate,research,gatheringinformationtofindoutwhattheneeds

are.Whenusingtechnologycompanieswanttokeeptheiremployeesanduserssafefrom

outsidersattemptingtostealinformation,whetherthroughsocialmediaoruserdevices.User

behaviorcanhaveasignificantimpactontheUniversitysecurityandenvironment.Humanerror

hasattributedtodatabreachesbyaccidentlydisclosinginformationorlosingadevicethat

containsvitalinformation("FederalCommunicationsCommission",2015).

Organizationsneedtolistentoemployeeswhomayhaveconcernsaboutwhattheyneed

todotheirjobbetterandkeeptheirinformationsafe.Dependingonthreatstheremightbeaneed

totrainemployeessoonerthanlater,soeachpersonknowswhattoexpectandhowtohandle

certainsecuresituationswiththerightinformation.Organizationsneedtoknowtheirlegal
 3
NEEDSASSESSMENTCYCLE

obligationstokeepemployeesinformationsafe.Bytalkingwithemployees,theuniversitycan

determinetheneedsforfuturetrainingforsecuringthecampuscommunityfromoutsidethreats.

IdentifythePurpose,LevelofAssessment,Stakeholders,BudgetandAvailableResources,

andTimeAllottedforAssessment

Thepurposeoftrainingistoaddressquicklytheeverchangingdatasecuritythreat

environmentandtoreinforcetheuniversitiesculture(SecurityStandardsCouncil,2014).The

proposedcontinuedtrainingistohelpemployeesunderstandtheimportanceofsecuring

organizationalaswellaspersonalinformationfromoutsiderswhenusingmobiledevices,surfing

theInternet,orclickingalinkinone'semail.Securityhasbecomeextremelyimportantoverthe

yearsastechnologycontinuestogrow,andhackersarefindingwaystofindvulnerabilitiesin

cyberspace.Theobjectistoidentifysecurityexposuresandkeepingemployeesawareofthreats.

Thegoalistomakeitdifficultforhackerstobreachsecurity(Steward,2011).Withtechnology

growingsorapidly,trainingintheareaoftechnologywillalsochange.Theintendedaudienceis

thestakeholders.

Thestakeholdersareanyoneintheorganizationthatneedstoimplementsecurity

awareness.Everyonewhoworksattheuniversityneedscontinuoustraininginthisarea.

However,therecanbeindividualizedtrainingforeachunitdefiningtheresponsibilityfor

specializedroles.Theimportanceofneedsassessmentintheareaofsecurityfortechnologyis

veryimportant.Stakeholdersneedtoknowtheprogressoftheneedsassessmentsosecuritycan

beconductedcorrectlymakingeffectivechangesfortheuniversitywhereneeded.More

importantismanagementstakeholderswhoneedtocommunicateandunderstandthedamage

andpenaltiesiffailingtosafeguardtheuniversity.Managementneedstounderstandsecurity
 4
NEEDSASSESSMENTCYCLE

requirementsandhowtoreinforcethem.Managementneedsalsotounderstandtherisksto

Universityinformation.

Withanyneedsassessment,abudgetcomesintoplay.Asofrecentmoreemployeeshave

beenhiredtoassesstheneedstoprotectsecurityoncampus.Whenhiringandusingnew

resourcestokeepsecuritysafethiscanbecostly.Also,withsecuritytimeisoftheessence.

Hackersarenotonourscheduleandcanbreachthesystemanytime.Timeisveryimportantto

keepthecampuscommunitysafefromvulnerabilities.Thetimeallottedforthisnewassessment

couldbeupwardsofthreemonthswhilestilltryingtoprotectoursecurity.

IdentifytheSpecificInformationNeededtoMeasuretheNeedsAssessment

Theuniversitycurrentlyhasasecurityteaminplacetoconducttheneedsassessment

howeverwithtechnologytheanalysisisongoingtokeepupwiththethreatscomingin.The

focusshouldbeonthethreatsthataredeemedthemostapplicable.Ascircumstanceschangeso

doesthethreatstothecampuscommunity.Theassessmentmustcontinuetobeupdatedtomake

suretheneedsforsecurityareconsistentwiththeneedsofthetimeasthreatscontinuetochange.

Constantmonitoringthroughawareness,metrics,trainingcontentandcommunicationgives

feedbacktothesecurityteamtomeasureneedsassessments.Thecurrentsecurityteamwill

continuetorunscanswiththehelpofHomelandSecuritylookinginsidethehouseandlettingthe

teamknowofpossibleincomingvulnerabilities.
 5
NEEDSASSESSMENTCYCLE

MethodologyDesign

Measuringtheprogrameffectivenesscanbedonebyassessingandevaluatingemployee

knowledge,continuouseducationthroughdifferenttrainingprograms,reinforcewithgoto
 6
NEEDSASSESSMENTCYCLE

resourcesforemployeesforbestpractices,measuretheuniversitiesstrengthsandweaknesses

andisflexibleenoughtoadapttochange(Scambray,20062015).Planforfuturetraining.

Determinewhetherinformationalreadyexists

Theuniversityhasanexistingtrainingprograminplace,butwouldliketomeasurethe

effectivenessofthetraining.ThecurrenttrainingprogramwehaveiscalledSecuringthe

Human.Usersquicklyforgetwhattheyhavelearnedwhencompletingthemodulestraining

program.Thetrainingisongoingandmoremodulesareaddedeachtime.Theuniversityis

alwayslookingfornewwaystotraintheemployees,sotheyretainwhattheyhavelearnedand

applytheknowledgetoeverydaylifeoncampus.Withongoingthreats,theuniversityisopento

newideastoimplementtokeepsensitivedatafromleavingthecampusenvironment

(Wolff,2015).Itisimportantthattrainingprogramsareoftenreviewedbytheuniversityandthe

securityteam.Bydoingso,theuniversitycanstayabreastofwhatisworkingtoprotectthe

universityandwhatisnotworking.Havingastrongsecurityteamthroughouttheuniversity

ensuresbettermeasurementsaretakentoprotectallinformationcominginandgoingoutofthe

campuscommunity.Byreassessingtheexistingprogram,theuniversitycanmakechangesto

improvehowthestakeholderslearnhowtoprotectcriticalinformation.

Conclusion

Securing critical infrastructure from cyber-attacks is important and begins with a plan of

action. Security is more important now than ever as technology continues to change. Making

employees aware of the risks and including them in making the campus community safe is an

important part of the universities success. Planning and implementing continuous training will

ensure everyone on campus will know what to look out for and help protect the campus

community environment from outside attacks. The university spends much time in planning,
 7
NEEDSASSESSMENTCYCLE

researching, securely implementing a strategic plan that protects the campus community from

attackers and vulnerabilities. Threats continuously change meaning that the university and the

security team must be willing to be flexible and adapt to new threats. Knowing the steps to take

during a breach is critical to safeguarding information.

References

Federal Communications Commission. (2015). Retrieved from

https://www.fcc.gov/.../cyberplanningguide

Guide Star. (2005). Retrieved from

https://www.guidestar.org/Articles.aspx?path=/rxa/news/articles/2005/importance-of-

evaluation.aspx

HomelandSecurity.(2015).Retrievedfromhttp://www.dhs.gov/stopthinkconnectcampaign

Blog
Scambray,J.(20062015).Whatisthepropermethodologyforsecuritysite

assessments?.Retrievedfromhttp://searchitchannel.techtarget.com/feature/Whatisthe

propermethodologyforsecuritysiteassessments

SecurityStandardsCouncil.(2014).PCI.Retrievedfrom

https://www.pcisecuritystandards.org/documents/PCI_DSS_V1.0_Best_Practices_for_Im

plementing_Security_Awareness_Program.pdf
 8
NEEDSASSESSMENTCYCLE

Steward,J.M.(2011).GlobalKnowledge.Retrievedfrom

http://www.globalknowledge.be/content/files/documents/386696/386829

Wolff,J.(2015).TheAtlanticMonthlyGroup.Retrievedfrom

http://www.theatlantic.com/technology/archive/2015/10/cancampusnetworkseverbe

secure/409813/