Developa SecurityPolicyandTestingPlan
Your organization was recently attacked with a malicious virus that originated from a file downloaded by an employee from
an email that appeared to come from a coworker. The employee immediately contacted information technology (IT) once he
noticed that the download was malicious.
The chief executive officer (CEO) now wants to implement a procedure so that everyone is aware of the potential harm that
can be delivered in emails and how they can be proactive. The CEO has tasked you with developing a policy that will be
sent to all employees and also drafting a plan to start testing employees by sending fake emails and tracking employee
actions.
Please include the elements listed below in your policy and plan.
Provide an introduction that gives an overview of the purpose for this document.
Discuss the planning needed for this activity.
Identify departments that need to be involved.
Develop a procedure for employees to report any suspicious activity. What steps should they take, and who should they
contact?
Research and develop a plan to start a security testing campaign to see how employees react to security messages that
are sent to their emails. You can investigate organizations that provide these types of campaigns to explore ideas for
how to train your employees.
