
Running Head: Information Security in Technology 1



Information Security in the World of Technology

Name

Institutional Affiliation

Information Security in the World of Technology

Introduction

The purpose of this essay was to address three important questions relating to employee preparation or training, training techniques, and how to take employees through an information breach course. In particular, the essay discussed several training methods that might be employed to increase employees’ awareness of several security issues.

Educational Methods

The textbook provided many educational strategies that are helpful in training workers in different fields. With every method, the approach and outcome differ significantly. Each of these methods also prepares learners to comprehend and apply knowledge and content concepts in their everyday life. Equally, the authors argue that education offers learners the necessary skills and competencies that are critical in performing different tasks. The first method discussed in this book is instructor-led training, abbreviated as ILT. In particular, ILT refers to any type of training that happens in a training conference, classroom, or office. This type of training may also involve one or more instructors training through the use of presentations, discussions, or lectures and illustrations. A firm can use this training method to impart important skills to its workers. For instance, assume a company is about to start updating its internal accounting system; it may look for an expert to create a training program and train its staff. To be effective, ILT has to focus on producing learners who are competent and proficient (Perez & Kleczka, 2010). A formative evaluation may be done through feedback from trainees and instructors.

The second method that has been discussed is eLearning. While online training often comes in various forms, its outcomes become consistent when it is done in the right manner (Hebda, Hunter, & Czar, 2019). A company might consolidate its content into a platform that trains its workers consistently. This kind of training is easier to set up, access, and complete at the personal level compared to ILT. For the most part, online training would offer an organization’s staff the confidence they need, whether in the same department or in different offices within the firm. For example, an organization may use eLearning training for new hires, thereby helping to lessen the resources needed to facilitate and run diverse training sessions. To measure the success of this particular method, the instructor would have to look at the workers’ levels of engagement and work performance.

The third method is self-guided learning. It uses different types of materials and study resources, including manuals, which learners can follow to learn how new systems or processes work. Specifically, an organization might leverage this method by supporting its staff in their self-guided efforts. For instance, a company can encourage this form of learning by exploring professional goals with small groups of workers. This method’s success may be evaluated by assessing the skills and knowledge of employees. The fourth method is just-in-time training (JIT). One benefit of using this method is that it offers workers much-needed information right at the time they need it the most. An example of JIT could be when workers need to access facts about particular products (Perez & Kleczka, 2010). Take a customer care representative as an example. He or she requires consumer-critical information to sufficiently answer queries regarding a particular service or item. JIT’s success may also be evaluated by assessing workers’ performance, engagement, and productivity.

The last method that has been discussed in the textbook is blended learning (Hebda, Hunter, & Czar, 2019). It combines components of different training-delivery approaches to optimize learning and applicability while, at the same time, decreasing many of the expenses required in the classroom setting, including accommodation, printed material, and face-to-face costs. For example, assuming that an organization needs to perform a technological audit, it will need to identify different learning systems, including highlighting any issues for its staff. Here, blended learning would offer a dynamic approach to creating effective content by utilizing different channels. One way to evaluate this method’s success is to assess employees’ retention, productivity, and engagement.

Protecting Patient Information

Security Measures

Organizations must take appropriate actions and measures to protect their information and computer systems. The textbook authors also argue that security tools often employ several logical and physical restrictions to offer more protection, including the use of firewalls, antivirus software, and spyware-detection systems. For instance, they argue that a simple logical measure would be signing off from a company’s computer after a given period of no activity. As such, an organization may implement an automatic sign-off mechanism for all its computer systems. This mechanism will play an important role in protecting the company’s information because it will automatically log users off its systems after a particular period of inactivity (Peltier, 2016). This mechanism is particularly beneficial for healthcare organizations because of the sensitive nature of their information. According to the textbook, the level of security accorded to a particular system must reflect its value and worth. Furthermore, companies may also use privacy screens as a means of protecting patient data from hackers or unauthorized parties.

Some of the physical security measures that might be used as best practices in protecting data in a healthcare environment include setting up surveillance, disabling external devices, using rack-mount servers, locking up information centers or servers, and protecting workstations. Moreover, organizations might also decide to limit access to their data centers, protect their printers, and guard portable devices by restricting access using encryption and authentication. Some of the most vital security measures concern file servers, computer systems, and switches and routers in classified areas. As such, organizations have to restrict file sharing and other means that expose their confidential information.

Administrative and Personnel Issues

Hebda, Hunter, and Czar (2019) argue that administrators have an important responsibility to perform, including designing tools that monitor and protect customers’ private and confidential information. As such, these administrators have to create plans, policies, and structures that promote best practices for organizational data in ways that ensure information integrity. Administrators and top management must also set a good example. They also have to partner with security experts to devise centralized security measures. For instance, such a partnership might result in the creation of full security plans, broad information-security regulations, and company-wide security awareness programs. Equally, the company’s security committees must ensure routine maintenance, continuing checks, and monitoring of the company’s security needs. Moreover, collaboration among different directors and managers is also important.

Levels of Access

The authors also argue that firms should grant access to their systems only when there is a need to do so. This implies that no personnel, including the company’s information systems workers, should have regular access to customers’ private information unless there is a need for it. In addition, an organization should grant its employees access to confidential information based on job functions. Moreover, an organization should also restrict its personnel from accessing any information without express permission from the management (Peltier, 2016). Similarly, the company should also review the security of its systems regularly, and especially whenever there is a need.

Confidential Information Dumping and Usage

A company must treat all its customer-record data as private and confidential as much as possible. It must therefore ensure that such information is kept safe from third-party and unauthorized access irrespective of its format. Furthermore, the organization must also ensure that its computers and electronic systems are protected. Scans or printouts must also be effectively disposed of, especially by burning or shredding them. However, effective disposal policies have to be put in place. For instance, the company can dictate the types of information that can be shared through social media or emails.

Staff Education on Phishing and Spam Emails

Not long ago, malware was regarded as the greatest threat to organizations and their business, while phishing was focused only on the consumer markets. Today, however, phishing is a significant threat and one of the top social attacks on most businesses. Because there is no security solution or cyber security strategy that is able to prevent 100 percent of data breaches, workers require training to understand what to expect, what to look for, and ways to protect themselves while performing their duties. Therefore, to understand phishing and email spamming, the above-highlighted training methods can play a critical role in educating employees on the different aspects of security and information protection.

Using instructor-led training (ILT), I will design a security awareness and training program around phishing and spam emails. I will then offer face-to-face training, showing workers different ways of detecting phishing emails. One benefit of using this method is that it will allow me to add a ‘human touch’ and personal interaction to the training, thereby promoting direct contact with my learners. I will also be able to personalize the learning experience, especially because I will be able to discuss and ask my learners questions one-on-one during the presentation. Moreover, I will also be able to review concepts that might be challenging for learners. The best way to assess students’ understanding of the course using this method would be asking questions to test their levels of comprehension.

Moreover, using eLearning training, I will also be able to design a course that is flexible. In particular, my training materials can be accessed and reviewed online at the learners’ convenience. With this method, learning will become more accessible to all workers irrespective of their physical locations. For instance, they can listen to my lectures, follow the course modules, as well as work on exercises or participate in discussion forums online. Some of the ways to evaluate learners here include virtual lab participation, course work exams, as well as group discussions.

Conclusion

This essay addressed three important questions relating to employee preparation or training, training techniques, and how to take employees through an information breach course. It also discussed several training methods that might be used to increase employees’ awareness of several security issues.



References

Hebda, T., Hunter, K., & Czar, P. (2019). Handbook of informatics for nurses and healthcare professionals (6th ed.). New York, NY: Pearson. ISBN: 978-0134711010.

Perez, F. R., & Kleczka, T. A. (2010). U.S. Patent Application No. 12/582,505.

Peltier, T. R. (2016). Information security policies, procedures, and standards: Guidelines for effective information security management. Auerbach Publications.
