Identity Management and Security Awareness
Identity management, sometimes called identity and access management, is one of the most fundamental processes in reinforcing organizational safety. It refers to a set of technologies and frameworks put in place to ensure that the right individuals in an organization can access the premises, resources, and services (Silva et al., 2018). Identity management technologies and systems identify, authenticate, and authorize the people who use information technology resources, along with the applications and hardware workers need to access. Awareness training on identity management is therefore a prerequisite and a critical step towards guaranteeing the security of an entity's IT resources and information. For Creech Air Force Base Logistics, this can help deter cybercriminals and other unauthorized persons from gaining access to private databases and software, including financial information. This paper will broadly explore the identity management and security awareness strategy and plan for Creech Air Force Base Logistics.
Identity Management/Security Awareness Training Plan
Whenever organizational changes are made, whether a new system, strategy, or technology is being introduced, training employees to familiarize themselves with the new structures, rules, and requirements is imperative. This is a key step in increasing acceptance and implementation success. For Creech Air Force Base, all employees and personnel who will access the premises and the organization’s resources must complete a mandatory training program before being given access. Subsequent training sessions should also be organized periodically to ensure that employees stay up to date with the technology, procedures, processes, policies, and requirements.
Identity Management Plan
- Remote Authorization
All organizational controls will be designed and implemented based on standard regulations. In particular, all users must have completed the requisite training program and be informed about the required clearance protocols. Most importantly, as stipulated by the Department of Defense, all remote access users must meet the additional requirements, such as signing DD Form 2946 and the DoD Telework form (U.S. Department of the Air Force, 2020). The DoD will supply all other equipment, such as end-point security, software, and encryption, in line with Order 08-001 of the U.S. Command Cyber Tasking.
- Mobile and Enterprise Authentication
Introducing enterprise and mobile authentication is the first step towards restricting user access and reinforcing overall security. All individuals who use Creech’s network will do so with a personalized password. In addition, accessing the facility’s network will require a special Access Card or Hardware Token, which uses a Public Key Infrastructure certification process to provide two-factor authentication. To be authorized to access the facility’s network, the user must insert the hardware token into the reader and then enter a unique Personal Identification Number. Mobile authentication, on the other hand, requires that the device be equipped with a mobile reader that uses Public Key Infrastructure certificates to perform the authentication process (Adams & Lloyd, 2003).
Security Awareness Training Plan
- Identifying the Training Needs through a Network Analysis
The first and most critical step in providing training services is to identify the training needs. This is usually done by conducting a needs analysis to establish the shortcomings present, the skill sets and experience of the workforce, and the technologies being rolled out. For example, the first step is to identify information leakage and the internal and external threats that existing security measures do not cover or that arise because measures are absent. At Creech Air Force Base, information leakage can be the root cause of several problems across many domains, such as data being stolen or lost due to employee negligence, lack of proper security skills, or information spillage. Therefore, the first step is for the Cybersecurity and Wing Cybersecurity Office to identify security gaps and evaluate the institution’s skills and experience. This will help to establish a training plan, including what type of training should be offered and how frequently it should be delivered (Wick, 2018).
- Initial Training
Because this is a military unit, all staff members must pass a Cyber Awareness Challenge and, upon completion, present the certificate as proof to the Cybersecurity Liaison department as well as the Wing Cybersecurity Officer for review. Upon passing these steps, the employee’s resume and certificate will be filed in the Active Directory, and the individual will be approved to access the premises. A note will also be created as a reminder of when the next training will be required. Training can also be conducted to mitigate the security issues identified in the Needs Assessment report (Drolet, 2018). For example, if insider threats are rampant, the organization can establish an Insider Threat training program comprising initial security awareness and training, information sharing, auditing and monitoring, and response/reporting. The training can be given to supervisors and commanders to guarantee compliance and ease the identification, reporting, and mitigation of insider threats.
- Testing and Monitoring the Training Impacts and Efficiencies of the Identity Management Plan
After providing comprehensive training to all employees and putting in place all identity management measures, such as enterprise and mobile authentication and the associated policies, the next crucial step is to lay out a plan for evaluating, monitoring, and correcting missteps in the system. Testing is important to discover whether the security plan is working properly. Testing the impact of the training sessions is equally critical, as it will reveal whether the sessions have been effective. This includes monitoring in real time the number of security incidents reported in the institution after training (Drolet, 2018).
- Providing Subsequent Yearly Training
It is important for Creech Air Force Base to stipulate in the training plan how frequently each staff member should undergo training, so that workers stay up to date with the most recent technologies, software, protocols, and processes in security delivery. Typically, all security awareness training programs must provide an annual refresher training exercise to ensure that workers are kept abreast of new technologies and can implement and integrate them into the overall security system. Usually, the training updates are automatically fed into Active Directory from the Advanced Distributed Learning Service, permitting uninterrupted account management (Drolet, 2018).
Conclusion
Identity management is a crucial process that plays an important role in reinforcing organizational safety. Creech should adopt two important strategies: mobile and enterprise authentication, and remote authorization. In addition, the four critical steps to ensure comprehensive security awareness training are identifying organizational needs, providing initial training, monitoring progress and performance, and providing subsequent yearly training.
References
Adams, C., & Lloyd, S. (2003). Understanding PKI: Concepts, Standards, And Deployment Considerations. Addison-Wesley Professional.
Drolet, M. (2018). Security Smart: 4 Steps To Launch A Security Awareness Training Program. CSO. Retrieved from https://www.csoonline.com/article/3246455/4-steps-to-launch-a-security-awareness-training-program.html
Silva, E. F., et al. (2018). ACROSS: A Generic Framework For Attribute-Based Access Control With Distributed Policies For Virtual Organizations. Future Generation Computer Systems, 78, 1–17. doi:10.1016/j.future.2017.07.049
U.S. Department of the Air Force. (2020). Air Force Manual 17-1301: Compliance with the Publication is Mandatory. Computer Security (COMPUSEC). Retrieved from https://static.e-publishing.af.mil/production/1/saf_cn/publication/afman17-1301/afman17-1301.pdf
Wick, A. (2018). Network Security Analysis: A New Approach. Network Computing. Retrieved from https://www.networkcomputing.com/networking/network-security-analysis-new-approach
Question
Identity Management and Security Awareness
Utilizing your comprehensive security plan outline as a guide, develop the identity management and security awareness training plan strategy for the organization.
Based on this outline attached, new subject can be added and also sources without a problem as long as it remains about the subject Creech Air Force Base Logistics sector…