Write Up: Creating Cybersecurity Policies
1. Objective
The Objective of this policy is so that a structured framework is ensured that all service members, staff
members and contractors have enough training to notice and respond to security threats.
By utilizing this
training service members, staff members and contractors will be able to minimize risks and strengthen the United States Air Forces cybersecurity.
2. Extent
This policy has relevance to all service members, staff members and contractors and any other person who require access to our network IT system, information, or facilities. No one is Excluded.
3. Developmental needs
• Entry level Training: During the onboarding process All employees and service members must
complete security awareness training that has to which in the first 30 days.
• Continuous Training: Security awareness training will be done yearly to ensure service members, staff members and contractors stay updated with new threats and best practices.
In addition, training is essential if there are key developments in the threat landscape or internal
policies.
• Specialized Training: Due to sensitive data and clearance levels Specialized tasks are required
for IT staff, NCOIC, Officers and senior management
4. Training Modules
The United States Air Force Security awareness training Regimen will be included, but not be limited to,
the following Subjects:
• Deceptive online tactics: How to Notice and answer to engineering attacks, targeted-phishing,
and other forms of ransomware.
• Credential Management: How to generate and mange well-fortified passwords, in addition to
using multi-factor authentication (MFA).
• Data security & Confidentiality: This teaches why it is critical to protect sensitive information,
which includes personal data, intellectual property, service member data and consumer data.
• Mitigate use Technology: This teaches how to safely access the internet, email, mobile devices,
and other technology equipment within our workplace.
• Access control: These procedures are for securing workstations, managing real time security
threats, and securing devices that are inactive.
• Occurrence Reporting: This teaches how to notice security incidents and the procedure for
reporting probable security threats or vulnerabilities.
5. Skills Development
• Format: Training will be done by either by scheduling in person on virtual lessons, which will
include hands on demonstration,
• Frequency: The United States Airforce Security awareness training is required annually, with
additional lessons if new security threats arise or major system updates takes place.
Monitoring & Recording: The United States Airforce Security awareness training completion
for servicemembers, staff members and contractors will be monitored and recorded in a central
repository. This will be evaluated by the NCOIC, HR department, Chief and cybersecurity team
frequently.
6. Duties and Obligations
• Human Resources & NCOIC: Will ensure that servicemembers, staff members and contractors
complete the required training during onboarding and monitor engagement for yearly re-training.
• IT/Security Team: The IT and security teams will create, maintain, and update the training
content and deliver sessions. They will also monitor compliance and provide assistance with
technical security training.
• Employees & Service members: All servicemembers, staff members and contractors must
engage in The United States AirForce security awareness training and administer the learned
practices in their day-to-day work activities. They must also report any suspicious activities or
Threats in accordance with the United States Air Force occurrence reporting procedures.
7. Enforcement
• Non-Compliance: If the United States Air Force security awareness training is not completed in
the appropriate timeframe this will result in disciplinary action, which could possibly include the
loss of access to our system network, Article, loss of contract or termination of employment,
depending on the severeness of the violation.
• Audits: regular audits will be done to make sure servicemembers, staff members and contractors
have completed their obligated training. In addition, Random testing may take place to ensure the
effectiveness of training.
8. Evaluation & Improvement
• Response system: Servicemembers, staff members and contractors will be motivated to give
feedback on the training material, delivery methods, and significance. The feedback will be
utilized to help enhance our future training regimen.
• ongoing development: The efficiency of the United States Air Force security awareness training
regimen will be evaluated yearly based on servicemembers, staff members and contractors,
incident response data, and evolving threats. The Training information is updated on a regular
base to ensure they reflect the latest security threats and best practices.
By adhering to this Security Awareness Training Policy, the organization aims to reduce the risk of cyber threats and ensure a safe working environment for all employees and service members.