Module 02: Administrative Controls & Compliance - Practical Activity
📅 Date Started: 2026-05-03
📅 Date Completed: 2026-05-04
🧪 Activity Type:
Scenario-based Cybersecurity administrative simulation (policy design & compliance planning)
🎯 Lab Goal:
To design an administrative control plan focused on employee cybersecurity training that ensures compliance, strengthens the human firewall, and protects Baker Hughes data and infrastructure.
📋 What I Did:
- Developed a cybersecurity onboarding curriculum covering secure system access, password management, and core IT security policies.
- Established a recurring training schedule for all employees, defining frequency and providing a risk-based justification.
- Designed a communication protocol to rapidly inform staff about emerging cyberthreats using targeted alerts and team briefings.
- Aligned all training components with administrative control best practices to ensure documented compliance and accountability.
🔍 What I Found:
- Onboarding Training: New hires will complete a mandatory cybersecurity orientation before receiving system access. This includes hands-on training for secure login procedures, strong password creation/management, MFA setup, and a formal review of IT department cybersecurity policies (acceptable use, data classification, and incident reporting).
- Training Frequency & Justification: Employees must complete additional cybersecurity training on a monthly cadence. This frequency is necessary because cyber threats, attack techniques, and compliance requirements evolve rapidly. Monthly micro-training keeps knowledge current, reinforces secure habits, and minimizes human error without disrupting daily operations.
- Threat Notification Method: Employees will be alerted to new or active cyberthreats through targeted security emails (for immediate, documented awareness) and brief team meetings/huddles (for context, discussion, and Q&A). This dual approach ensures timely dissemination while allowing interactive clarification.
- Administrative Control Alignment: The plan directly addresses the “people” layer of administrative controls by turning policy into practice. It supports compliance by requiring documented training completion, tracking participation, and ensuring accountability across all roles.
💡 What I Learned:
- Administrative controls depend heavily on human behavior; structured, recurring training is the most effective way to reduce insider risk and enforce policy compliance.
- Onboarding establishes the security baseline, but continuous monthly training is essential to keep pace with evolving threat landscapes and regulatory expectations.
- Clear, multi-channel communication (emails + meetings) ensures threat awareness spreads quickly while maintaining operational productivity.
- Training must be tracked and audited to function as a true administrative control—documentation, accountability, and regular refreshers complete the compliance lifecycle.
📸 Screenshot:
🔒 Screenshot Restriction Notice
Screenshots from IBM SkillsBuild simulated lab environments are proprietary content and cannot be shared externally per IBM’s academic integrity policy and terms of use.
Lab Completion Verified:
- ✅ Platform: IBM SkillsBuild
- ✅ Module Status: 100% COMPLETE
- ✅ Activities Completed: Administrative control plan (employee training, onboarding, threat notifications)
- ✅ Completion Date: 2026-05-04
Alternative Evidence: Comprehensive written documentation provided in sections above.