discussion

Before you begin this discussion, read the required sections of the NIST report on training in this module’s resources. For your initial post, imagine you are a security analyst consulting with an HR administrator to develop a cybersecurity awareness campaign or cybersecurity training for all company employees. Select a topic for your awareness campaign from the following options:

  • Policy—implications of non-compliance
  • Unknown email and attachments
  • Social engineering
  • Incident response—contact whom? “What do I do?”
  • Laptop security while on travel—address both physical and information security issues
  • Supported and allowed software on organization systems—part of configuration management
  • Access control issues—address least privilege and separation of duties
  • Visitor control and physical access to spaces—discuss applicable physical security policy and procedures (for example, challenge strangers, report unusual activity)
  • Protect information subject to confidentiality concerns—in systems, archived, on backup media, in hardcopy form, and until destroyed

Describe how you would either create an awareness campaign or a training program using techniques from the NIST report. Explain why the delivery method you chose would be more effective for addressing your topic.

Note: Select a topic other than the social engineering concepts you discussed in your Project Three Milestone.

In your response posts to peers, address the following points:

  • Assess the proposed awareness campaign or training program. Do you agree or disagree with this approach?
  • Which aspects of the approach were particularly effective? What would you change?
  • Recommend one component of a post-implementation strategy that would ensure the awareness campaign or training program is effective.

To complete this assignment, review the Discussion Rubric.

RESPONSE ONE

To enhance cybersecurity awareness, I would develop a campaign focused on social engineering, a tactic that manipulates human behavior to bypass security measures. The campaign would use interactive workshops, short videos, and simulated phishing attacks to train employees on recognizing threats like phishing, pretexting, and baiting. Engaging infographics, posters, and security reminders would reinforce key messages, while gamified quizzes would encourage participation and retention. By combining hands-on learning with continuous reinforcement, employees will be better prepared to identify and prevent social engineering attacks.

This approach is effective because interactive and visual learning techniques improve retention and real-world application. Simulated attacks provide employees with hands-on experience in a controlled environment, helping them recognize suspicious behavior before falling victim. Continuous engagement through emails and gamified elements keeps security top of mind, fostering a security-conscious workplace culture. By leveraging these techniques from the NIST report, the company can significantly strengthen its defenses against social engineering threats.

RESPONSE TWO

As a security analyst consulting with an HR administrator, I propose a cybersecurity awareness campaign focusing on social engineering, one of the most common attack methods that exploit human psychology rather than technical vulnerabilities. To reduce the risk of employees falling victim to these attacks, this campaign will provide comprehensive education on recognizing, preventing, and responding to social engineering threats.

Following guidance from NIST Special Publication 800-50 on effective cybersecurity training, this campaign will utilize a multi-layered approach to engage employees and reinforce best practices. The campaign will include interactive e-learning modules, live workshops, phishing simulations, and continuous reinforcement through visual and written content.

The primary delivery method is a combination of e-learning modules and live workshops, as recommended by NIST. The e-learning modules provide flexibility for employees to complete the training at their own pace while incorporating quizzes to assess comprehension. Live workshops and webinars enhance engagement by including real-world role-playing exercises, allowing employees to practice identifying and responding to social engineering tactics in a controlled setting. This hands-on approach improves retention and encourages active participation, which aligns with NIST’s emphasis on interactive learning methods.

Phishing simulations will be integrated into the campaign to assess employees’ ability to recognize and report phishing attempts in real time. These simulations will help measure the effectiveness of training, identify areas where employees struggle, and reinforce key security behaviors. As NIST recommends, using realistic scenarios in training programs significantly increases awareness and preparedness.

To sustain awareness beyond structured training sessions, the campaign will incorporate visual reinforcements such as posters, infographics, and email newsletters. These materials will serve as constant reminders of social engineering threats and best practices, ensuring that cybersecurity remains top-of-mind for employees. According to NIST, repetition and reinforcement are crucial in embedding security principles into daily workplace behavior.

The effectiveness of this campaign will be measured through completion rates of training modules, phishing simulation results, and pre- and post-training assessments to track improvements in employee awareness. Additionally, employee feedback will be collected to refine the training program and address any knowledge gaps.

By incorporating multiple learning methods, including self-paced training, interactive workshops, hands-on phishing simulations, and continuous reinforcement, this campaign follows NIST-recommended techniques for effective cybersecurity awareness. The combination of engagement, repetition, and real-world application ensures that employees develop the knowledge and confidence needed to identify and prevent social engineering attacks, ultimately strengthening the organization’s overall security posture.

Undergraduate Discussion Rubric

Overview

Your active participation in the discussions is essential to your overall success this term. Discussion questions will help you make meaningful connections between the course content and the larger concepts of the course. These discussions give you a chance to express your own thoughts, ask questions, and gain insight from your peers and instructor.

Directions

For each discussion, you must create one initial post and follow up with at least two response posts.

For your initial post, do the following:

  • Write a post of 1 to 2 paragraphs.
  • In Module One, complete your initial post by Thursday at 11:59 p.m. Eastern.
  • In Modules Two through Eight, complete your initial post by Thursday at 11:59 p.m. of your local time zone.
  • Consider content from other parts of the course where appropriate. Use proper citation methods for your discipline when referencing scholarly or popular sources.

For your response posts, do the following:

  • Reply to at least two classmates outside of your own initial post thread.
  • In Module One, complete your two response posts by Sunday at 11:59 p.m. Eastern.
  • In Modules Two through Eight, complete your two response posts by Sunday at 11:59 p.m. of your local time zone.
  • Demonstrate more depth and thought than saying things like “I agree” or “You are wrong.” Guidance is provided for you in the discussion prompt.

Discussion Rubric

| Criteria | Exemplary | Proficient | Needs Improvement | Not Evident | Value |
|---|---|---|---|---|---|
| Comprehension | Develops an initial post with an organized, clear point of view or idea using rich and significant detail (100%) | Develops an initial post with a point of view or idea using adequate organization and detail (85%) | Develops an initial post with a point of view or idea but with some gaps in organization and detail (55%) | Does not develop an initial post with an organized point of view or idea (0%) | 40 |
| Timeliness | N/A | Submits initial post on time (100%) | Submits initial post one day late (55%) | Submits initial post two or more days late (0%) | 10 |



1/7/25, 10:05 AM Undergraduate Discussion Rubric – CYB-260-12259-M01 Legal and Human Factors of Cyb 2025 C-1 (Jan – Mar)

https://learn.snhu.edu/d2l/le/content/1831858/viewContent/38649345/View 1/2


| Criteria | Exemplary | Proficient | Needs Improvement | Not Evident | Value |
|---|---|---|---|---|---|
| Engagement | Provides relevant and meaningful response posts with clarifying explanation and detail (100%) | Provides relevant response posts with some explanation and detail (85%) | Provides somewhat relevant response posts with some explanation and detail (55%) | Provides response posts that are generic with little explanation or detail (0%) | 30 |
| Writing (Mechanics) | Writes posts that are easily understood, clear, and concise using proper citation methods where applicable with no errors in citations (100%) | Writes posts that are easily understood using proper citation methods where applicable with few errors in citations (85%) | Writes posts that are understandable using proper citation methods where applicable with a number of errors in citations (55%) | Writes posts that others are not able to understand and does not use proper citation methods where applicable (0%) | 20 |

Total: 100%

