Reference no: EM133309667

Information security or InfoSec is a broad topic that covers many areas such as physical security, endpoint security, data security, network security and cyber security. It consist of the tools and processes that organizations use to protect information. This includes policy settings that prevent unauthorized people from accessing business or personal information. Cyber security is one of the popular topics that is widely discussed due to the increasing number of people who have been victims of cyber-attacks worldwide. Cyber security is the practice of protecting systems, networks, and programs from digital attacks. Despite the use of cutting edge cyber security tools, measures and policies, the lack of human awareness on cyber threats becomes a weak point in InfoSec implementation. Therefore, protecting an organization from cyber threats begins with increasing the employees awareness and knowledge in keeping the assets and networks safe. This can be done by sharing, disseminating and educating the employees continually on information security policies, processes, standards and frameworks. Hence, programs based on the Framework of Security Education, Training and Awareness (SETA) are imperative to be implemented in organizations to enhance information security more effectively. SETA is a program designed to help organizations to mitigate the number of security breaches caused by human error by making people aware of information security policies and how to apply them in daily activities. The people awareness concerning cyber security can be increased by training and educating them on security basics and best practices to allows them to make better decisions and avoid risky cyber behaviours. Apart from educating on the security policies and rules, the training modules ought to also address common security breaches caused by human errors such as using a weak password, having outdated software or responding to malicious emails. Depending on conduciveness and effectiveness, the training can be delivered in either modes or in any combination deemed suitable; one-on-one, on-the-job-training, formal class, user support group, self-study (non-computerised), computer-based training or through online seminars.

With the rapid increase of Internet usage, the threats and attacks by cyber criminals are also increasing thus putting the security of the enterprise infrastructure and communication system at serious risk. Cyber criminals such as hackers can erase, block, manipulate and steal information, which can paralyze the whole organization and disrupt the business ecosystem. Thus, it is imperative to ensure the entire systems are protected from external and internal security breaches by implementing cyber security best practices. Most organizations invest in advanced technology solutions such as next generation firewall, antivirus and intrusion prevention systems to protect their assets and user privacy. Addressing both the technology factor and the human factor are crucial for the implementation of a robust and secure environment. In Malaysia, the national cybersecurity innovation-led services, programmes and initiatives to reduce vulnerability of digital systems are enforced and instituted by the government through CyberSecurity Malaysia, the national cyber security specialist agency under the purview of the Ministry of Communications and Multimedia Malaysia. CyberSecurity Malaysia roles is to foster awareness and disseminate information on cyber security and safety as well as to increase understanding and interest in the cyber security field by displaying and showcasing hands-on product and information. At the same time, CyberSecurity Malaysia also collaborate with relevant local and international parties for the implementation of cyber security technologies, to inculcate a culture of digital citizenship among the masses from all occupations and lifestyles.

Question

Explain the issues that must be addressed by an organization's InfoSec education program.