SETA: Need of the Hour
In the domain of computer security, there are two types of devices: silicon devices and carbon devices. The silicon devices are all the smart gadgets, hardware and software, handheld devices, computer systems and humongous servers, whereas the carbon devices are none other than the humans, the ones who use the computer systems. These carbon devices create the silicon devices and configure them to operate with great security. But how can we ensure that the carbon devices themselves work in a secure fashion?
A computer user anywhere in this world is dangerous. He or she has a tendency to make mistakes, and in the domain of IT security a single mistake can cause tremendous and irrecoverable losses. From DBAs, network managers and presidents to programmers, technicians and secretaries, all are users. Just imagine the amount of company data that is put at stake if any one of these employees, some of whom have high privileges, accidentally opens a malicious link on the organization's computer.
Hence, there are certain countermeasures that organizations can put in place, such as:
- Maintain a clear information security policy
- Implement and maintain the best technical resources for security enhancement
- Implement and maintain a Security Education and Training Program (SETA)
- Run a Stealth Continuous Awareness Program
The silicon devices have multiple security countermeasures implemented on them, and these ensure safety to a fairly good extent. But the carbon devices, i.e. the humans who put these security countermeasures into place, need to be trained well enough that they don't commit mistakes which may cause problems. Hence, in this article, I would like to emphasize the need for a Security Education, Training and Awareness (SETA) program. I will also briefly introduce the Stealth Continuous Awareness Program (SCAP).
A SETA program is an educational program conducted by an organization to increase the awareness of its users. The primary objective of this program is to reduce the data breaches that occur in the organization. Through this program, a user's behaviour improves, which leads to increased accountability for their actions. The SETA program is implemented in three levels:
- First level: This is the most common, simple and effective way. It introduces the user to the important concepts of information security and the consequences of their acts. It is given to new users or users who don't have any past SETA experience. The user is made aware of various concepts, data flow and the risks involved in any operation. The resource usage is very extensive so that the user can be fully immersed in the information security world.
- Second level: Here the skills of every user are increased so that all the users involved are able to understand their roles and responsibilities. It involves each user in the information security process. It is a continuous process and never ends.
- Third level: At this level, people possess a very high level of security and hold key positions in the organization. They may be CISOs, CEOs or presidents of the organization. Their training is also important, because a data breach caused by their carelessness would be very costly for the company.
The SETA program can be implemented through the following resources:
In the case of the Stealth Continuous Awareness Program, the same awareness is carried out but in a less formal way, i.e. through posters, social media, pictures, drawings and news. But most of the employees may not be able to perceive the message that you, as the CISO of your company, may want to convey. Hence, it is not as effective as SETA.
To conclude, SETA is the need of the hour to limit the data breaches occurring in organizations in a much more effective way. It must be done perfectly, in a timely fashion, and very formally. The don'ts for this program are that excess information should not be passed on and the wrong programs should not be executed. A SETA program is a good way to make the dangerous user residing in your organization help you stay safe in the online world.