Security Awareness Training

Add your answer to this file and format your answers in blue font.

Answer the following to the best of your ability in complete sentences with proper spelling and grammar. Be sure to elaborate on your answers and provide support for each of your statements. Your textbook and your own knowledge are your sources for answering questions unless otherwise instructed. Recall that you must cite any sources, and it is never okay to copy from any source. Answers should be paraphrased in your own words, and you should explain your answers and support your statements. TurnItIn Plagiarism checking is run against all submissions. Your work must be below a 40% match overall and no more than 20% match per question (this is only for your answers, not the included questions). There is a draft TurnItIn submission for you to check your work before submitting. I suggest you take advantage of that.

This week you will be working on Part 3 of the project.

Project Part 3: Security Awareness Training

Scenario

You have been in your role as the CIO for Premier University for almost one year. In that time, you have managed to hire a chief information security officer (CISO) to oversee Premier University’s information security program. The CISO is working to address the university’s GLBA data safeguarding requirements that you previously provided to the Premier University president.

The CISO notes that guidance from the Department of Education Office of Federal Student Aid in 2016 recommends that higher education institutions use NIST SP 800-171 to protect the confidentiality of the student financial aid data that the institution uses and stores.

You recently notified the university’s president that information security awareness and training is a gap in the institution’s written information security program. Even though a high percentage of higher education institutions require mandatory information security awareness training for faculty and staff, the university president remains unconvinced that Premier University should require information security training.

Tasks

Using your knowledge of the circumstances of the data breach that the institution experienced over a year ago, guidance from the Department of Education Office of Federal Student Aid, as well as other sources you researched, write a persuasive memo to the Premier University president that argues that the institution should implement mandatory information security awareness training for all faculty and staff.

For this part of the project:

• Read the Department of Education Office of Federal Student Aid at https://ifap.ed.gov/dear-colleague-letters/07-01-2016-gen-16-12-subject-protecting-student-information.
• Research the need for security awareness training for faculty and staff at public universities, such as the latest EDUCAUSE Information Security Almanac
• Write a persuasive, professional memo that addresses the need for security awareness training.
• In the memo, include any sources you consulted.

Required Resources

• Internet access
• Course textbook

Submission Requirements

• Format: Microsoft Word (or compatible)
• Font: Times New Roman, size 12, double-space
• Citation Style: Use APA 7 style guide
• Length: 2 pages

Self-Assessment Checklist

• I addressed the need for security awareness training for university faculty and staff.
• I created a professional, well-developed memo with proper documentation, grammar, spelling, and punctuation.
• I followed the submission guidelines.