Implementing an Information Assurance Awareness Program: A case study for the Twenty Critical Security Controls at Consulting Firm X for IT Personnel

As a consultant within a large, growing, high-profile consulting firm, this challenge is interesting in terms of preventing potential future cyber-attacks. The organization supports a large number of sensitive US Government projects, including hosting or developing portals and applications as part of the work. Protecting this organization’s networks indirectly protects sensitive US Government networks as well. Consulting Firm X, known internally as the Firm, primarily supports clients in the public sector and many of the senior executives are retired senior government and military officials. This relationship has often caused the Firm negative publicity and public opinion among those who do not trust the US Government and its policies. Often, the Firm is the target of cyber-attacks. Therefore, the Firm must maintain a high level of Information Assurance preparedness and awareness in implementing security controls. IMPLEMENTING AN INFORMATION ASSURANCE AWARENESS PROGRAM 2