By Fort Meade Public Affairs Office
Fort Meade’s Security Education, Training and Awareness (SETA) program consists of three elements: security education, security training and security awareness.
“We all need to be aware of our responsibilities as government employees to be vigilant and understand. It’s on each of us to know what to do in this area of securing the workplace and keeping each other safe,” said Brian Riffey, security specialist with Fort Meade’s Directorate of Plans, Training, Mobilization and Security.
There are five practical actions for identifying elements of security risks, said Riffey.
1. Identify critical information:
The first step is to determine exactly what data would be particularly harmful to an organization if it were obtained by an adversary. This includes intellectual property, employees’ and/or customers’ personally identifiable information, and financial statements.
2. Determine threats:
The next step is to determine who represents a threat to the organization’s critical information. There may be numerous adversaries that target different pieces of information, and companies must consider any competitors or hackers that may target the data.
3. Analyze vulnerabilities:
In the vulnerability analysis stage, the organization examines the safeguards in place to protect the critical information, looking for potential weaknesses that leave it vulnerable to adversaries.
This step includes identifying any potential lapses in physical/electronic processes designed to protect against the predetermined threats, or areas where lack of security awareness training leaves information open to attack.
4. Assess risks:
After vulnerabilities have been determined, the next step is to determine the threat level associated with each of them. Companies rank the risks according to factors such as the chances a specific attack will occur and how damaging such an attack would be to operations.
The higher the risk, the more pressing it will be for the organization to implement risk management controls.
5. Apply appropriate countermeasures:
The final step consists of implementing a plan to mitigate the risks, beginning with those that pose the biggest threat to operations.
Potential security improvements stemming from the risk mitigation plan include implementing additional hardware and training or developing new information governance policies.
“Individual and collective use of SETA in our everyday worklife will help keep us safe and secure as we serve our nation,” Riffey said.