End Users Security Awareness Campaign from Information Security Threats, Vulnerabilities and Concurrent Cyber-Attacks
Abstract:
The intent of this study is to fortify the protection of sensitive data and information against breach by any means, whether the attack comes from an insider or an outsider of the organization. In every firm, the core goal of information security is to uphold the CIA triad (Confidentiality, Integrity and Availability) of all of its resources, and the personnel liable to disclose confidential information in a breach are the end users of the system, each in their respective field of assignment. This year, 2017, research and analysis information was gathered on the May/June ransomware cyber-attacks "WannaCry" and "Petya", which affected many organizations, such as companies and government agencies, in different countries around the world. The attacks demanded a ransom payment of $300 in bitcoin, with the amount doubling every day in case of failure to comply. The scope of the study is to introduce the End User Security Awareness Campaign in organizations as a routine practice for staying alert to the numerous information security threats, vulnerabilities and concurrent cyber-attacks circulating among organizations around the world. To achieve these objectives, end users will take part in continuous awareness training and assessment through social engineering practices and procedures on how to stay vigilant, so as to protect every user from such attacks. The organizational IT function will also contribute hardware and software firewall applications, regular Windows updates and patches, and consistent antivirus updates, which will limit the exposure of vulnerabilities to risk and to any associated attacks.
Keywords:
End user security awareness from information security threats, vulnerabilities and
cyber-attacks.