Problem
Develop a Security Policy and Testing Plan
Your organization was recently attacked with a malicious virus that originated from a file downloaded by an employee from an email that appeared to come from a coworker. The employee immediately contacted information technology (IT) once he noticed that the download was malicious.
The chief executive officer (CEO) now wants to implement a procedure so that everyone is aware of the potential harm that can be delivered in emails and how they can be proactive. The CEO has tasked you with developing a policy that will be sent to all employees and also drafting a plan to start testing employees by sending fake emails and tracking employee actions.
Include the elements listed below in your policy and plan.
1) Provide an introduction that gives an overview of the purpose for this document.
2) Discuss the planning needed for this activity.
3) Identify departments that need to be involved.
4) Develop a procedure for employees to report any suspicious activity. What steps should they take, and who should they contact?
5) Research and develop a plan to start a security testing campaign to see how employees react to security messages that are sent to their emails. You can investigate organizations that provide these types of campaigns to explore ideas for how to train your employees.