Question

Anytown USA Bank prides itself on being very responsive to its customers. It offers a 24-hour staffed customer care center with a toll-free number. Over the past year, there has been a significant decline in calls and a corresponding increase in email service requests. As Information Security Officer (ISO), you are very concerned that customerinformation classified as “protected” is being sent via email or email attachments. You have requested a meeting with the Director of IT to explore “secure email” options since regular email is sent across the Internet in plain text. In the meantime, you want to make sure that employees understand the danger of using regular email.

1. Working with the training department, you are going to launch a security awareness campaign. The theme is “Email = Postcard.” The message is that users should never write anything in an external email that they wouldn’t write on a postcard.

a. Create a security awareness campaign focused on this topic. Include in this plan specifics on how you intend to deliver the message.

b. Create at least one piece of supporting collateral.

c. Design a way to test the effectiveness of your message.

2. Before launching the campaign, you want to make sure you have the full support of the executive management.

a. What type of “educational” program would you develop for management?

b. What would the message be?

3.Outline the SETA program that will be needed to ensure the success of the “secure email” application.

Answer 1

Project Title:

Information security Awareness Campaign

Submitters:

Project Team

Project Summary

The purpose of this security awarenesscampaign is to inform Anytown USA Bank customers the best way to avoid sharing their sensitive information openly as it has been evident through our channels of communication. This campaign is intended to ensure that every user sensitive information send to us is secure and free from any attacks by unauthorized personnel by coming up with a secure massaging.

Project Description                

The project will involve a special software development that will solve the raising of exposure cybersecurity issues concerned with information theft. The issue of information secure as become very sensitive and for that reason we have to ensure secure communication within the company. This is concerning the raising emailing requests received from our customers and also regarding the 24 hour services the company has been providing to the customers who usually pass there information through emails. If the communication continues this way we might run into a great cybersecurity problems. I therefore suggest a new way of dealing with the customer request and responses so that it can be secure communication with minimum or no exposure to cybersecurity threats.

My massage to the customers will be that they should never write anything in an external email that they cannot write on postcards. This will ensure no more exposure to the risk that may occur when there information lands on illegal users who may use that for Identity theft to gain on behave of them illegally. The massage will be passed to each and every one of Anytown USA Bank Customer. This will be passed through same emails as usual as it is the most used means of communication within this organization and it will be easier for the customers to get the massage through the emails compared to any other means. The information will be well explained to the customers to ensure clear understanding the importance of the company decision regarding their safety. They will be also provided with the new way in the company has come up with to solve the issue including the use of the new secure email   programs which will be provided to them.

The customers are to be explained the dangers and negative impacts that may result from liking of personal data and great they may affect their privacy . This will be done through a short massages to their emails and also they will be provided with magazines from the company explaining in more details about   every issues concerning the newly implemented practices for clear understanding .

All those new policies will be passed to all the staff to ensure that they have knowledge of   what to be done so that they can be confident to approaching customers and explain this to them when the customers need explanation. The all the staff will   be joining some Tutoring concerning the issues and how to avoid them which them in   improving the   way they handle the company information which will also ensure secure information handling within the organization. This tutoring will provide the staff with the knowledge and tactics of dealing with information in the most secure way.

This will be taken seriously and it should be addressed   to all the customers as well as the staff via all the means that is media , magazines and seminars.

To solve the issue of securing our customer information a special program is needed. This program should be well secured to ensure safe environment for sensitive information exchange. The program is expected to have the latest most advance levels of security   recommended   that will secure the data from attacks. The program will be the new way of communication between the customers and the staff where the information send through this system will be secure from access by any   other person rather than authorized AnyTown USA Bank staff. All   our customers   will be required to install the program on their phones for the purpose of communicating   anytime with full guarantee of safety.

This application will have no charges for our users it will be free with   no charges as it is intended to help the customers reach our services in the most secure way when   downloading this software the customer will have to register with their full legal names which are recognized by the company and their Identification numbers. This ensure no identity theft and only our customers will be using this applications

With this put in practice we will fight the threats that are involves with information theft. The policy is to be review frequently according to what the board of management will discuss if they pass this proposal.

I request for the management team for support on the issue where I will be able to start this campaign . My aim is ensuring information security among our customers