Assure your organization employs generally accepted risk analysis and risk management methodologies to administer risk assessments in order to determine specific needs for security policies and procedures, and to evaluate the potential effectiveness and appropriateness of security solutions.

More Uses of the Security Awareness Toolkit:

  • Provide information Security Awareness training across your organization, creating a calculated approach to possible data breaches and security incidents by anticipating new threats and providing awareness to actively prevent incidents from occurring.
  • Provide guidance on security solutions and requirements to other IT staff to promote Security Awareness and compliance in project and day-to-day operations.
  • Ensure you recommend and develop security standards and configuration baselines for network-connected devices, endpoint systems, servers, applications, network equipment, and security systems.
  • Govern: review new and modified regulatory requirements pertaining to information security to determine if new policies and procedures are needed, and monitor related best practices and emerging security technologies for potential application.
  • Create, implement, and manage an incident response plan that is prepared to respond to security incidents, investigations, breaches, and compliance failures.
  • Ensure you build and nurture an external network consisting of industry and peers, partners, vendors and other relevant parties to address common trends, findings, incidents, and cybersecurity risks.
  • Confirm your organization ensures facility, materials and training supplies are prepared and ready for use by the time needed; maintains audio, audiovisual, and other supplies and equipment used for training purposes.
  • Confirm you understand and interact with key stakeholders to ensure the consistent application of policies and practices across all technology projects, systems and services.
  • Pilot: work effectively across the business to facilitate information security risk assessment and risk management processes and ensure alignment between security, technical architecture, and coding processes.
  • Perform security risk assessments and recommend security requirements for new and existing information technologies, systems, applications, and services.
  • Establish and maintain effective working relationships with elected officials, department heads, vendors, other county employees, and members of the public.
  • Confirm your organization oversees the development, training, and testing of all-hazard business continuity and crisis management plans to ensure the protection of people, data, and property.
  • Create and advocate Security Awareness education to facilitate the prevention of security issues and vulnerabilities and ensure secure coding practices are followed.
  • Ensure you lead risk assessment processes and oversee implementation of security plans and corrective actions in order to mitigate new and emerging information security risks.
  • Perform ongoing information risk assessments and audits to ensure that information systems are adequately protected and meet HIPAA and other regulatory requirements.
  • Evangelize security services and awareness across your organization's Security Awareness Program, and promote security controls across your organization.
  • Analyze and proactively identify areas where policies can be improved, provide recommendations for new products or changes to mitigate business risk.
  • Lead internal and external security compliance assessment reviews and perform self-inspections to ensure compliance with government and organization regulations and requirements.
  • Lead: protect information, product, personnel, property, facilities, and operations from unauthorized disclosure, misuse, theft, vandalism, product tampering, espionage, sabotage, or loss.
  • Perform vulnerability assessments against networks, systems, and applications, and work with IT Services staff to eliminate vulnerabilities found or otherwise mitigate the associated risks.
  • Initiate and oversee the development, implementation, administration, monitoring and improvement of security/loss prevention plans, policies, programs, procedures and protocols.
  • Ensure your organization's employees are obligated to know and perform their duties in accordance with policies, standards, and procedures related to security and report security violations to the appropriate authority.
  • Arrange that your organization identifies and specifies standard information systems security requirements associated with migrations to new IT environments/applications and provides guidance in planning and implementing migration activities.
  • Pilot: partner with engineering, product, IT, legal and compliance, and quality assurance to build programs to raise application Security Awareness in your organization.
  • Identify security-sensitive functionality in apps and services lacking security coverage and build out automation to bring Security Awareness into the affected areas.

 
