This proposal, which requests approval for hands-on training in Cyber Security in the workplace, is for all personnel who use a computer at the U.S. Embassy in Mexico and all employees who are connected to the embassy network. In the last 3 years, we have had many incidents of injection, social engineering attacks, and other types of viruses that can potentially shut down a computer or access sensitive information. Hands-on training will help employees understand and identify possible cyber threats that might be trying to get information or destroy sensitive data.
Online training has been the method of handling Cyber Security training in the workplace in most U.S. agencies. For the past 15 years we have used online training and newsletters to help people understand how important it is to protect their data from viruses and other malicious activities that might allow access to the employee’s system in order to gather or destroy sensitive information. Although the United States Computer Emergency Readiness Team (CERT) has more than one hundred specific guidelines, policies, and newsletters for employees on how they can avoid being victims of malicious software and malicious hackers, in the past 3 years we have experienced more issues related to Cyber Security at the U.S. Embassy in Mexico than in other years.
Online Cyber Security training has served its designed purpose, which was to give employees tips on how to protect their work computers from viruses, hackers and other malicious activities that might target an employee’s computer. However, we have seen a tremendous increase in computer breaches in the workplace. On January 12th of this year, many State Department and military employees’ social media accounts were hacked by Islamic State sympathizers (FBI, 2015). Recently, attacks have become more frequent and more sophisticated, and once-a-year online training does not sufficiently train personnel how to identify threats and to protect sensitive information. In order to prevent such attacks, employees must have a basic understanding of confidentiality, integrity, and sensitivity of data for the agency that they are working for. A series of hands-on trainings, throughout the year, will better prepare personnel to handle potential threats. The State Department has a large enough budget and the experts available to conduct such training at least 3 times per year. With the constant Cyber Security changes around the world, our employees need to stay on top of this situation.
Cyber Security is a responsibility that needs to be addressed by everyone in the U.S. Embassy in Mexico. According to Homeland Security, “‘Cybersecurity’ is a shared responsibility, and each of us has a role to play in making it safer, more secure and resilient.” The FBI and Homeland Security have been informed that many of the infected computers from which hackers usually get access are employees’ computers. Criminal hackers send a mass email with a link for promotions, discounts and other types of propaganda to catch the employee’s eye, and once clicked it sends a virus that will live in the computer and spread for years without detection.
The U.S. Embassy in Mexico is one of the most important embassies in the world and we cannot afford not to give proper training to our employees. We must move from the online training to a system that will keep the employees up-to-date and constantly alert for potential violations. Cyber Security Awareness is clearly not working anymore. Even with the online training we have seen a tremendous increase of viruses in our agency. With the Cyber Security hands-on training we will be able to help our agency to assist our employees in becoming more responsible and knowledgeable in Cyber Security. If this situation continues in the embassy we will have more issues with outside hackers trying to get access to our network environment and to compromise our assets.
Report Plan (Plan of Implementation)
In the past 15 years, the IT Security Department of the U.S. Embassy in Mexico has used online training as the primary means to build employee awareness of the basics of cyber security in the workplace with the purpose of reducing cyber risks. However, the online training is no longer as effective as it used to be. In an effort to preserve and protect the availability, confidentiality, and integrity of the U.S. Embassy in Mexico, the IT Security Department proposed to introduce hands-on cyber security training for all employees.
The United States Computer Emergency Readiness Team (CERT) requires that every federal agency conduct training on basic IT security and that every employee has successfully completed these trainings. Furthermore, they provide hundreds of guidelines and policies for employees. In the past 3 years, the U.S. Embassy in Mexico has received an increasing number of cyber attacks that have compromised sensitive data in a few cases. According to the FBI and Homeland Security, most of these successful attacks on U.S. agencies are due to hackers gaining access to employees’ computers. This is also the case for the U.S. Embassy in Mexico.
III. Statement of Problem
The online Cyber Security Awareness training is clearly not working anymore, for the U.S. Embassy in Mexico as well as other entities. “Statistics show that 93% of large organizations and 76% of small businesses experienced a security breach in the last year” (Blythe, 2013). According to Blythe, employees appear to be a large source of the problem, despite all the online training, Cyber Security awareness and online newsletters. In many organizations, employees have been identified as one of the number one causes of security breaches in the workplace (Blythe, 2013). To address this issue, the agency needs to find a different approach to deal with the situations that can potentially compromise sensitive information.
IV. Proposed Solution
In order to address the issue of increased security breaches, despite all the online trainings, the Information Security department would like to implement hands-on training in cyber security for all employees. Although e-learning can be effective, according to Professor R.D. Garrick, “learning outcomes that involve problem-solving or understanding points of view are best conveyed in person, where the instruction can be personalized.”
The revised personalized IT cyber training will be designed in three parts with both theory and practice. The trainings will be dynamic and interactive to ensure strong delivery of content in a modular format that allows meaningful learning, and all training documents will be user friendly, with step-by-step instructions and screenshots for illustration.
The objectives of the trainings will be the following:
Treatment of sensitive data as they would want their own personal data to be handled.
Overview and explanation of key compliance principles.
To understand reasons behind the policies and procedures.
How to develop a strong password and protect it.
Cyber security best practices that apply at work and at home.
Improve understanding of social engineering and how techniques are used to manipulate employees, leading to intellectual property theft, data security breaches, litigation and other serious problems.
How to identify viruses in emails, PDFs, documents, chats, images, and other types of files.
How to handle antivirus with emails, social media, and IM, and how to correctly eliminate a virus.
Cyber Security Training in the Work Place has a large amount of credible research that has been conducted by universities, companies and government agencies.
DINICU A. CYBER THREATS TO NATIONAL SECURITY. SPECIFIC FEATURES AND ACTORS INVOLVED. Buletin Stiintific [serial online]. December 2014;19(2):109-113. Available from: Academic Search Complete, Ipswich, MA. Accessed February 6, 2015.
Blythe, John M. Cyber Security In The Workplace: Understanding And Promoting Behaviour Change. 1st ed. Newcastle: PaCT Lab, Department of Psychology, Northumbria University. Newcastle, 1, 2011. Web. Accessed February 6, 2015.
McCourt M. THE PREDICTIVE REVOLUTION. Security: Solutions For Enterprise Security Leaders [serial online]. November 2014;51(11):20. Available from: Publisher Provided Full Text Searching File, Ipswich, MA. Accessed February 6, 2015.
McDowell, M. (2011, January 26). Staying Safe on Social Network Sites. Retrieved February 6, 2015, from https://www.us-cert.gov/ncas/tips/ST06-003
Workplace Networks Easy to Breach. Cu360 [serial online]. November 2, 2009;35(19):5. Available from: Publisher Provided Full Text Searching File, Ipswich, MA. Accessed February 6, 2015.
As part of my research, I will also conduct online assessment and evaluation surveys that will be sent to all employees who are connected to the Embassy network and take the courses. It’s very important that all employees participate because employee computers are the first target of cyber attacks in the workplace.
Qualifications & Experience
Before working with the U.S. Embassy, I began my career working with Symantec in computer security and network security. I was a member of the Latin America and American (LAMA) team, which was responsible for documenting and resolving any issues related to viruses and hacker attacks on the Symantec Endpoint Protection (SEP) product. I have a certification in SQL, Symantec Endpoint Protection, Planning and Implementation Windows Server, Active Directory, and Windows Infrastructure. I also have certification for MAC server and Linux Security Infrastructure. I have been working in cyber security for 9 years and in computer forensics for 3 years.
I have been writing reports on cyber attacks for the embassy for almost 6 years and I created the first tech database that all embassies use when they have an issue with their computer security, network, and installation.
To achieve the goals of this research, I will accomplish the following tasks:
Review the evolution of online training from 2000 to 2015, documenting all the viruses, cyber threats, and incidents.
Identify and evaluate the pros and cons of social media like Facebook, Google+, LinkedIn, Instagram, Pinterest, Vine, Tumblr, and Twitter and the threats they pose.
Evaluate the impact of cyber threats in the workplace and how they can compromise the confidentiality, integrity, and availability of the Embassy’s information.
Research and document how hands-on training in IT Security can better improve employees’ awareness and ability to prevent viruses and other security risks compared to online training.
Produce and present a briefing on the topic of this research.
Produce and submit a formal report as the final deliverable of this research effort, which will include 6 training modules.
On-line database access charges: 0
Materials (paper, ribbons, toner cartridges): 0
Equipment (operations & maintenance): 0
Total Cost Estimate: 0
In terms of cost, the research will not cost the U.S. Embassy in Mexico financially; however, it will require that all employees attend 6 hours of additional training per year. As an employee of the IT Security team, it is my duty to perform this task to ensure that our staff is prepared to deal with these types of risks.
I estimate the six tasks will require 80 hours to complete.
Request for Approval
I am requesting permission to conduct research in order to complete a recommendation report about Cyber Security in the workplace. This research will evaluate our current online training on cyber security for employees that we conduct once per year. The research will include online surveys to all employees to identify all the probable causes of the tremendous increase of cyber threats in the last 3 years. The research will also include a development proposal of a hands-on training program to substitute the online trainings with the purpose of reducing the number of cyber security breaches in the future. I would like to start the research on February 15, 2015 and finish by the end of the month to provide a full recommendation report of my research.
I am open to any suggestions that you might have about this proposal and will be happy to discuss it with the IT Security Department.
Report Package: Report Assignment
Assignment Value: 30%
Format and Length Requirements: Include a memo (or letter) of transmittal, title page, table of contents, list of illustrations (if applicable), abstract or executive summary, body of the report, and references. Use APA documentation style for in-text citations and the references page(s).
Use Times New Roman font face and 12 point font size. Use 1 inch margins and single space. Headings should be included in the body of the report.
In the Report Assignment, you’ll carry out the plan that you established in the Proposal Assignment. The purpose of the Report Assignment is to demonstrate your ability to prepare a formal researched report to a specific, professional audience, to conduct and evaluate research and incorporate it effectively, and to document the sources you use accurately.
Essentially, your goal in the report will be to explore the problem (background, context, etc.) and the solutions for the decision-maker(s) you’ve identified, offering a recommendation(s) for action.
The final version of the report will include front matter, the body of the report, and back matter.
Prior to the body of the report, you will need to include a memo or letter of transmittal, a title page, a table of contents, a list of illustrations (if you include illustrations), and an abstract or executive summary.
Body of the Report
The body of the report should use a conventional structure and incorporate meaningful headings that reveal the structure of the report to the readers. (“Body” is not a meaningful heading.) While you should include sections for Introduction and Conclusions, the other sections that make up the body of the report will depend upon the specific focus of your work. Your outline in the Proposal may be useful, but you will most likely need to modify that outline as you complete research. A discussion of your methods (or search strategies) and a discussion of the problem/opportunity should be included in the report; such items can appear in the introduction or in the body of the report, depending on how much development is needed.
You may also need to include the criteria you have determined based on research, a discussion of the options according to the criteria, and the conclusions regarding the options. A recommendation or recommendations for the next step your audience should take will most likely end the report.
Required Research: Research should be used throughout the discussion. Include at least five scholarly sources and ensure that all other sources are authoritative in nature. Interviews can be used as sources, but transcripts of the interviews must be provided as an appendix to the report (which will not count as part of the word requirement mentioned above). The research should be incorporated into the text gracefully, meaning, in part, that paraphrase and summary should be preferred to direct quotation. Paraphrase and summary require citation in text.
Please retain copies of the source material that you use in your report along with detailed notes on your research. You may be asked to provide these during the grading process.
Graphics or Visual Aids: I do encourage you to use visual aids in the report if illustrations or graphics would be useful in helping your readers understand the topic, your analysis, your conclusions, or your recommendations. Graphics are not required. When used, they must add to the content and persuasiveness of the report.
The paper should end in a list of references cited in the work. Use APA style. You may also need to include relevant appendices, a glossary, and so on, as dictated by your audience’s needs.
Final Note about Your Topic: Your topic for the report must be approved by me in the Proposal Assignment. Having said that, you may slightly change the focus of the report after you turn in the proposal (often what you find in researching the topic will dictate this change). You may not completely change your topic without writing a new proposal and receiving approval for that proposal.