Security Awareness Program
Purpose
This proposal aims to design and implement a security awareness plan for the Multiple United Security Assurance (MUSA) Corporation Integrating Security Ltd. The organization does not have basic security policies and procedures, putting MUSA at a disk low-security level and increasing its rate of cybercrime and data theft at a high rate. Because the organization does not have a scheduled timeframe for conducting cybersecurity awareness campaigns, people get into the trap of social engineering and phishing: Security Awareness Program.
Secondly, the organizational infrastructure is under threat because an intrusion detection system has no such security tool. These facts are supported by the fact that organizations with a good security culture record fewer breaches and incidents because the employees can detect the early stages of threats and respond effectively to their cause (Bada et al., 2019). The aim of this proposal is to develop a secure infrastructure that incorporates a corporate-wide data security culture, enhances data security, and reduces internal and external threats.
Security Posture
A review of MUSA Corporation’s activities shows its lack of attention to security, which has left it vulnerable to cyber-attacks, losses, and even reputational damage. Employees, for instance, do not receive any form of cybersecurity awareness training and, therefore, are likely to fall victim to phishing and social engineering attacks. Additionally, a lack of policies and procedures regarding how configuration changes are managed these days exposes the organization to security misconfiguration and inappropriate access threats. Furthermore, without even an intrusion detection or prevention system, the organization is attacked time and again, and these activities go unnoticed.
Incomplete algorithms for the collection and analysis of logs make detection of incidents, investigation, response, and tracking of security incidents almost impossible. The absence of a media access control policy does not limit the activities of employees but does increase the chances of data leakage and the use of unauthorized devices that gather sensitive information from the corporate network. It is made easier still by weak data protection mechanisms such as a failure to encrypt information and hash processes which give unauthorized access to protected information.
Not addressing and placing mechanisms for these potential security loopholes including conducting vulnerability assessment at least after every period of three years makes it worse. The lack of structured employee readiness programs and work planning strategies contributes to high employee turnover and low morale, which can lead to insider threats and overall workplace dissatisfaction (WILLIE, 2023). The high number of incidents and reports of security breaches within the company hints at an underlying problem around work ethics and the need for strict security measures.
In addition, these weaknesses in security practices are further exacerbated by the absence of compulsory leave and role segregation, which would serve to mitigate the possibility of access abuse and fraud. Therefore, there is a need to implement a security culture program to help reduce these worrying risks and to improve security behaviors and policy adherence within the organization.
Human Factors Affecting Security
Human factors are a significant player in determining the security posture within an organization. At MUSA Corporation, the absence of cybersecurity awareness resulted in employees practicing unsafe behavior that made them more susceptible to cyber-attacks. People engaging in unintentional threats act as a hazard when they get lured by phishing emails as a result of inadequate education concerning bogus emails and social engineering strategies. So long as there is a lack of training, employees can easily be misled into sharing confidential information or even clicking harmful links (Hadnagy, 2019).
Intentional threats are deliberate and come from dissatisfied employees or individuals who pose a malicious insider threat that may even result in data theft, unauthorized changes, or even system sabotage. Employees’ negligence such as poor password abuse, lack of authentication when needed, installation of off-the-shelf applications, and ignoring security policies are the others that make the organization remain vulnerable (Humaidi & Shahrom, 2023).
Organizational employees’ stress as well as dissatisfaction caused by high turnover rates and low morale will give room for security laziness, which is the deliberate relaxation of security policies, and increases the risk of the organization (Rohan et al., 2021). The security awareness program will employ these measures as a way of solving these security problems by providing targeted training modules, carrying out phishing simulations, and enforcing the best ways of doing security.
Organizational Factors
The organizational aspects greatly enhance the negative security culture at MUSA Corporation. Various systemic factors need to be resolved to improve the security posture of the organization (Gu & Wang, 2024). There are gaps in data flow control such that data is transmitted around the organization without any restriction which increases the possibility of unauthorized use of sensitive information. A negative attitude towards security exists in the company due to inadequate work performance conditions and the protocols and procedures that define and govern security measures, for example, adopting a security culture is absent.
These risks are further compounded by poor work planning and control whereby employees might unknowingly practice unsafe activities that endanger cybersecurity. Furthermore, employees are not prepared to identify and respond to cyber threats because of the absence of employee readiness programs that focus on security issues. In addressing these gaps, the security awareness initiatives will develop policies, periodic training, and periodic inspections to check compliance with the said rules and best practices (Tedla, 2020).
Conclusion
Implementing a comprehensive cybersecurity training program must be a top priority within the MUSA Corporation to strengthen its current security posture. This security awareness program will overcome significant security weaknesses, increase the awareness of employees, and nurture a security culture. In this way, MUSA Corporation will also be able to improve its cybersecurity posture and safeguard its assets through training, policy formulation, and routine supervision.
References
Bada, M., Sasse, A. M., & Nurse, J. R. C. (2019). Cyber Security Awareness Campaigns: Why do they fail to change behaviour? https://arxiv.org/abs/1901.02672v1
Gu, L., & Wang, J. (2024). Issues in Information Systems The impact of organizational factors on security behavioral intentions. 25(3), 26–35. https://doi.org/10.48009/3_iis_2024_103
Hadnagy, C. (2019). Social Engineering: Science of Human Hacking. In Social-Engineer. John Wiley & Sons, Inc.
Humaidi, N., & Shahrom, M. (2023). Assessing Employees’ Cybersecurity Attitude Based on Working and Cybersecurity Threat Experience. African Journal of Information Systems, 15(3), 206-221 WE-Emerging Sources Citation Index (ESC.
Rohan, R., Funilkul, S., Pal, D., & Chutimaskul, W. (2021). Understanding of Human Factors in Cybersecurity: A Systematic Literature Review. 2021 International Conference on Computational Performance Evaluation, ComPE 2021, April 2022, 133–140. https://doi.org/10.1109/ComPE53109.2021.9752358
Tedla, T. (2020). The Impact of Organizational Culture on Corporate Performance. Walden Dissertations and Doctoral Studies. 8. https://scholarworks.waldenu.edu/dissertations
WILLIE, M. M. (2023). The Role of Organizational Culture in Cybersecurity: Building a Security-First Culture. Journal of Research, Innovation and Technologies (JoRIT), 2(16), 180. https://doi.org/10.57017/jorit.v2.2(4).05
ORDER A PLAGIARISM-FREE PAPER HERE
We’ll write everything from scratch
Question 
Assignment Information
IT 552 Milestone One Guidelines and Rubric
Overview
For the final project of this course, you will assume the role of Chief Information Officer for a security organization. The CEO has asked you to create a security awareness program proposal.
In this milestone, you will take the first step in completing this project by creating the introduction to your proposal.
Directions
Begin by reviewing the case document, which provides you with information about the organization for which you are creating the security awareness program proposal. It is linked in the Supporting Materials section below.
Based on the information the CEO provided, write an introduction to your proposal that explains why you are writing the proposal, including existing conditions such as including the present security posture, human factors, and organizational factors.
Specifically, you must address the following rubric criteria:
Security Awareness Program
1. Purpose: Illustrate the purpose of the proposal using specific examples that demonstrate why the program is vital for the organization.
2. Security Posture: Make a justifiable claim about the overall security posture of the organization and support the claim using specific findings from the risk assessment
a. Explain the major findings of your risk assessment of the organization’s present security awareness policies, practices, and processes.
3. Human Factors: Identify specific human factors that adversely affect the security climate and illustrate their impact
Be certain to consider both unintentional and intentional threats.
4. Organizational Factors: Identify organizational factors that contribute to an unhealthy security culture and illustrate their impact using relevant examples of data flow, work setting, work planning and control, and employee readiness
5. Be certain to consider organizational data flow, work setting, work planning and control, and employee readiness.
What to Submit
Your paper must be submitted as a two- to four-page Word document with double spacing, 12-point Times New Roman font, and one-inch margins, in APA format.
Supporting Materials
The following resource supports your work on this assignment:
Resource: Final Project Case Document
Complete the order form and upload all of your files, including any instructions, rubrics, or other materials provided by your instructor. 
Complete the order payment after filling in the order form. We’ll receive your order and assign it to a writer.
The assigned writer will complete your paper and forward it to our Editing Team for review and approval.
Once approved by the editor, the completed paper will be uploaded to your account for you to download, review and approve.