{"id":246,"date":"2025-04-28T21:45:43","date_gmt":"2025-04-28T21:45:43","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/cyse-200-cybersecurity-technology-society\/?page_id=246"},"modified":"2025-04-28T21:50:38","modified_gmt":"2025-04-28T21:50:38","slug":"write-up-creating-cybersecurity-policies","status":"publish","type":"page","link":"https:\/\/sites.wp.odu.edu\/cyse-200-cybersecurity-technology-society\/write-up-creating-cybersecurity-policies\/","title":{"rendered":"Write Up: Creating Cybersecurity Policies"},"content":{"rendered":"\n

1. Objective<\/strong>
The Objective of this policy is so that a structured framework is ensured that all service members, staff
members and contractors have enough training to notice and respond to security threats.<\/p>\n\n\n\n

By utilizing this
training service members, staff members and contractors will be able to minimize risks and strengthen the United States Air Forces cybersecurity.
<\/p>\n\n\n\n

2. Extent
<\/strong>This policy has relevance to all service members, staff members and contractors and any other person who require access to our network IT system, information, or facilities. No one is Excluded.
<\/p>\n\n\n\n

3. Developmental needs
\u2022 Entry level Training: During the onboarding process All employees and service members must
complete security awareness training that has to which in the first 30 days.
\u2022 Continuous Training: Security awareness training will be done yearly to ensure service members, staff members and contractors stay updated with new threats and best practices.
In addition, training is essential if there are key developments in the threat landscape or internal
policies.
\u2022 Specialized Training: Due to sensitive data and clearance levels Specialized tasks are required
for IT staff, NCOIC, Officers and senior management
<\/p>\n\n\n\n

4. Training Modules<\/strong>
The United States Air Force Security awareness training Regimen will be included, but not be limited to,
the following Subjects:
\u2022 Deceptive online tactics: How to Notice and answer to engineering attacks, targeted-phishing,
and other forms of ransomware.
\u2022 Credential Management: How to generate and mange well-fortified passwords, in addition to
using multi-factor authentication (MFA).
\u2022 Data security & Confidentiality: This teaches why it is critical to protect sensitive information,
which includes personal data, intellectual property, service member data and consumer data.
\u2022 Mitigate use Technology: This teaches how to safely access the internet, email, mobile devices,
and other technology equipment within our workplace.
\u2022 Access control: These procedures are for securing workstations, managing real time security
threats, and securing devices that are inactive.
\u2022 Occurrence Reporting: This teaches how to notice security incidents and the procedure for
reporting probable security threats or vulnerabilities.
<\/p>\n\n\n\n

5. Skills Development<\/strong>
\u2022 Format: Training will be done by either by scheduling in person on virtual lessons, which will
include hands on demonstration,
\u2022 Frequency: The United States Airforce Security awareness training is required annually, with
additional lessons if new security threats arise or major system updates takes place.
Monitoring & Recording: The United States Airforce Security awareness training completion
for servicemembers, staff members and contractors will be monitored and recorded in a central
repository. This will be evaluated by the NCOIC, HR department, Chief and cybersecurity team
frequently.
<\/p>\n\n\n\n

6. Duties and Obligations<\/strong>
\u2022 Human Resources & NCOIC: Will ensure that servicemembers, staff members and contractors
complete the required training during onboarding and monitor engagement for yearly re-training.
\u2022 IT\/Security Team: The IT and security teams will create, maintain, and update the training
content and deliver sessions. They will also monitor compliance and provide assistance with
technical security training.
\u2022 Employees & Service members: All servicemembers, staff members and contractors must
engage in The United States AirForce security awareness training and administer the learned
practices in their day-to-day work activities. They must also report any suspicious activities or
Threats in accordance with the United States Air Force occurrence reporting procedures.
<\/p>\n\n\n\n

7. Enforcement<\/strong>
\u2022 Non-Compliance: If the United States Air Force security awareness training is not completed in
the appropriate timeframe this will result in disciplinary action, which could possibly include the
loss of access to our system network, Article, loss of contract or termination of employment,
depending on the severeness of the violation.
\u2022 Audits: regular audits will be done to make sure servicemembers, staff members and contractors
have completed their obligated training. In addition, Random testing may take place to ensure the
effectiveness of training.
<\/p>\n\n\n\n

8. Evaluation & Improvement<\/strong>
\u2022 Response system: Servicemembers, staff members and contractors will be motivated to give
feedback on the training material, delivery methods, and significance. The feedback will be
utilized to help enhance our future training regimen.
\u2022 ongoing development: The efficiency of the United States Air Force security awareness training
regimen will be evaluated yearly based on servicemembers, staff members and contractors,
incident response data, and evolving threats. The Training information is updated on a regular
base to ensure they reflect the latest security threats and best practices.
<\/p>\n\n\n\n

By adhering to this Security Awareness Training Policy, the organization aims to reduce the risk of cyber threats and ensure a safe working environment for all employees and service members.<\/p>\n","protected":false},"excerpt":{"rendered":"

1. ObjectiveThe Objective of this policy is so that a structured framework is ensured that all service members, staffmembers and contractors have enough training to notice and respond to security threats. By utilizing thistraining service members, staff members and contractors… Continue Reading →<\/a><\/p>\n","protected":false},"author":20749,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/cyse-200-cybersecurity-technology-society\/wp-json\/wp\/v2\/pages\/246"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/cyse-200-cybersecurity-technology-society\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/cyse-200-cybersecurity-technology-society\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/cyse-200-cybersecurity-technology-society\/wp-json\/wp\/v2\/users\/20749"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/cyse-200-cybersecurity-technology-society\/wp-json\/wp\/v2\/comments?post=246"}],"version-history":[{"count":3,"href":"https:\/\/sites.wp.odu.edu\/cyse-200-cybersecurity-technology-society\/wp-json\/wp\/v2\/pages\/246\/revisions"}],"predecessor-version":[{"id":250,"href":"https:\/\/sites.wp.odu.edu\/cyse-200-cybersecurity-technology-society\/wp-json\/wp\/v2\/pages\/246\/revisions\/250"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/cyse-200-cybersecurity-technology-society\/wp-json\/wp\/v2\/media?parent=246"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}