MICT Threats Notes Nov 2024
In today’s interconnected world, ICT systems are at the core of all major operations, whether in
businesses, governments, or personal use. As the reliance on technology increases, so does the risk of
exposure to various cyber threats. An ICT threat is any malicious attempt to damage, steal, disrupt, or
gain unauthorized access to digital systems, networks, or data. Understanding these threats and how to
mitigate them is crucial in protecting digital assets.
1. Hacking:
o Definition: Unauthorized access to computer systems, networks, or data, often for
malicious purposes like data theft or system manipulation.
o Example: In 2017, the global "WannaCry" ransomware attack exploited a vulnerability in
Windows OS, encrypting user files until a ransom was paid.
o Mitigation: Regular system updates, installing firewalls, using intrusion detection systems
(IDS), and educating users about suspicious online behavior.
2. Cracking:
o Definition: Bypassing software security to tamper with or disable software protection
features, often leading to piracy or malicious activities.
o Example: Cracking software to remove license verification can expose users to malware.
o Mitigation: Employ digital rights management (DRM) systems and continuously monitor
software for unauthorized access.
3. Piracy:
o Definition: The illegal copying and distribution of software, media, or other digital
content.
o Example: Sites offering pirated movies or music harm content creators by avoiding
proper licensing fees.
o Mitigation: Implement watermarking and licensing tools, and take legal action against
piracy networks.
4. Phishing:
o Definition: A technique where attackers send fraudulent emails or set up fake websites to
trick individuals into revealing sensitive information, such as passwords or credit card
details.
o Example: A common phishing scam is sending an email that mimics a bank asking the
user to confirm their account details.
o Mitigation: Use email filters, conduct regular phishing awareness training, and implement
multi-factor authentication (MFA).
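The bank-impersonation scam described above can be checked for mechanically, and the checks below are the kind an inbound mail filter applies before the message reaches a user. This is an added example, not part of the notes: the trusted domain examplebank.com, the two sample messages and the `phishing_indicators` function are all constructed for illustration.

```python
"""Flag common phishing indicators in an e-mail (constructed example)."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"examplebank.com"}  # hypothetical legitimate sender domain

# Constructed sample: mimics a bank and asks the user to "confirm" details.
SAMPLE_PHISH = """\
From: "Example Bank Security" <alerts@examp1ebank-verify.com>
To: user@example.org
Subject: Urgent: confirm your account details
Content-Type: text/html

<p>Your account will be suspended. Please
<a href="http://examp1ebank-verify.com/login">https://examplebank.com/secure</a>
to confirm your details within 24 hours.</p>
"""

# Constructed sample: a legitimate statement notice from the real domain.
SAMPLE_LEGIT = """\
From: "Example Bank" <statements@examplebank.com>
To: user@example.org
Subject: Your monthly statement is ready
Content-Type: text/html

<p>Log in at <a href="https://examplebank.com/statements">https://examplebank.com/statements</a>.</p>
"""

LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def registered_domain(host: str) -> str:
    """Crude registered-domain extraction (last two labels); enough for the example."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def phishing_indicators(raw: str) -> list[str]:
    """Return a list of human-readable indicators found in the raw message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = registered_domain(addr.split("@")[-1]) if "@" in addr else ""
    found = []

    # 1. Display name drops a trusted brand, but the real sender domain is not trusted.
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in display.lower().replace(" ", "") and sender_domain not in TRUSTED_DOMAINS:
            found.append(f"display name suggests {brand} but sender domain is {sender_domain}")

    # 2. Urgency / confirmation language in the subject line.
    subject = msg.get("Subject", "").lower()
    if any(w in subject for w in ("urgent", "suspended", "confirm", "verify")):
        found.append("urgency/confirmation language in subject")

    # 3. Link text shows one domain while the href points somewhere else, or uses plain http.
    body = msg.get_payload() if not msg.is_multipart() else ""
    for href, text in LINK_RE.findall(body):
        href_dom = registered_domain(urlparse(href).hostname or "")
        m = re.search(r"https?://([^/\s<]+)", text)
        if m and registered_domain(m.group(1)) != href_dom:
            found.append(f"link text shows {registered_domain(m.group(1))} but href goes to {href_dom}")
        if urlparse(href).scheme == "http":
            found.append(f"link uses plain http: {href}")
    return found


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, phishing_indicators(sample))
```

The lookalike domain (a digit 1 in place of the letter l) is caught not by spotting the substitution but by the mismatch between the brand in the display name and the actual sending domain, which is the more robust check; the visible-text-versus-href comparison catches the second classic trick of showing the real bank URL while linking elsewhere.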
5. Spyware:
o Definition: Malicious software designed to secretly monitor and collect information from
a computer without the user's knowledge.
o Example: Keyloggers, a type of spyware, record keystrokes to steal login credentials.
o Mitigation: Use anti-spyware software, regularly update security patches, and avoid
clicking on suspicious email links.
6. Malware:
o Definition: Any software intentionally designed to cause harm to a computer, server, or
network. Types include viruses, worms, trojans, and ransomware.
o Example: The "Petya" ransomware, which encrypts files and demands a ransom to unlock
them.
o Mitigation: Install antivirus programs, regularly update software, and implement strong
backup strategies.
8. Man-in-the-Middle Attacks:
o Definition: An attack where the hacker intercepts communication between two systems,
stealing sensitive data or injecting malicious content without the victim’s knowledge.
o Example: A hacker intercepting an online banking session between the user and their
bank.
o Mitigation: Use encrypted communication protocols (e.g., HTTPS), and employ virtual
private networks (VPNs) for secure browsing.
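What an authenticated channel buys against an interceptor, as an added example that is not part of these notes: the sender attaches an HMAC-SHA256 tag to each message and the receiver rejects anything whose tag no longer matches, so a relay that rewrites the payee of a transfer in transit is detected instead of silently succeeding. HTTPS gets the same property from TLS record authentication with keys negotiated per session; the pre-shared `SESSION_KEY`, the `protect`/`unprotect` helpers and the `relay_alters` function below are constructed stand-ins for illustration.

```python
"""Integrity tag detects in-transit tampering (constructed example, stand-in for TLS)."""
import hashlib
import hmac
import json

SESSION_KEY = b"constructed-demo-key-not-for-real-use"  # hypothetical shared secret


def protect(payload: dict, key: bytes = SESSION_KEY) -> bytes:
    """Sender side: serialise the payload and append an HMAC over the bytes."""
    body = json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body + b"|" + tag.encode()


def unprotect(wire: bytes, key: bytes = SESSION_KEY):
    """Receiver side: return the payload, or None if the tag does not verify."""
    body, _, tag = wire.rpartition(b"|")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return json.loads(body)


def relay_alters(wire: bytes) -> bytes:
    """Models an intermediary that changes the payee while the message is in transit."""
    return wire.replace(b'"payee": "alice"', b'"payee": "mallory"')


def demo() -> dict:
    """Direct delivery verifies; the altered copy is rejected by the receiver."""
    original = {"action": "transfer", "payee": "alice", "amount": 100}
    direct = unprotect(protect(original))
    tampered = unprotect(relay_alters(protect(original)))
    return {"direct_ok": direct == original, "tampered_detected": tampered is None}


if __name__ == "__main__":
    print(demo())
```

The receiver never acts on the altered message because verification fails before the payload is parsed; confidentiality (the relay can still read the plaintext here) is the other half that TLS encryption supplies.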
9. Rootkit:
o Definition: A collection of software tools that enables unauthorized access to a computer
while hiding its existence, often used by hackers to gain ongoing access.
o Example: The "Sony BMG rootkit scandal" where digital rights management software
installed hidden files that could be exploited by malicious actors.
o Mitigation: Use rootkit detection software, and monitor system behavior for anomalies.
10. Social Engineering:
o Definition: Manipulating individuals into divulging confidential or personal information
through deception or psychological tricks.
o Example: Pretending to be a trusted IT technician and tricking an employee into sharing
their password.
o Mitigation: Conduct regular security training for staff, implement strict information-sharing policies, and use verification procedures.
3. Ethical Hacking:
o Penetration Testing: Simulating cyberattacks on a network or system to identify
weaknesses and fix them before a malicious hacker can exploit them.
o Security Audits: Comprehensive evaluations of security practices, including compliance
with regulations and standards.
CAUSES OF DATA LOSS
Hardware Failure: Physical damage to computer components, such as hard drives, solid-state drives,
or power supplies, can lead to data loss. Hard drives, especially, are prone to mechanical failures over
time.
Software Corruption: Errors in the operating system or applications can lead to data corruption. This
can happen during system crashes, improper software installations, or compatibility issues that prevent
data from being accessed properly.
Human Error: Accidental deletion, overwriting files, or improper handling of storage devices often
leads to data loss. Formatting a drive or deleting files unintentionally are common examples.
Malware and Viruses: Cyber threats like ransomware, viruses, and other malware can corrupt,
delete, or hold data hostage, leading to partial or complete data loss.
Power Outages: Unexpected power cuts or surges can cause system crashes or damage storage
devices, sometimes resulting in unsaved data being lost or even damaging the hardware.
Natural Disasters: Events like floods, fires, earthquakes, or other natural disasters can physically
damage computer systems and storage media, making data unrecoverable.
Theft or Loss: Losing a physical device (like a laptop or external drive) due to theft or misplacement
results in a direct loss of the data stored on it if it's not backed up elsewhere.
Improper Ejection of Storage Media: Removing USB drives, external hard drives, or memory cards
without proper ejection can lead to file corruption or loss of data that was recently written.
Logical Errors: Problems like file system corruption, partition errors, or interrupted file transfers can
cause data loss even if the physical device is undamaged.
Failed Software Updates: System or software updates that go wrong (e.g., failed OS upgrades or
interrupted updates) can corrupt files or even the entire operating system.
SECURITY AUDIT
Internal Audits: Conducted by the organization’s internal team to assess policies, compliance,
and identify vulnerabilities.
External Audits: Conducted by a third party to provide an independent, objective evaluation of
security.
Compliance Audits: Focus on ensuring adherence to standards like GDPR, HIPAA, PCI-DSS,
etc., based on regulatory requirements.
Penetration Testing (Pen Testing): Specialized audits where ethical hackers attempt to exploit
weaknesses in the system to determine potential points of attack.
Access Control: Review who has access to what data and ensure that permissions are based on
roles. Check for weak or default passwords and unmonitored privileged accounts.
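The access-control review above (role-based permissions, weak or default passwords, unmonitored privileged accounts) can be run as a script over an account export. This is an added example, not part of the notes or of any particular product: the account records and their field names (`privileged`, `mfa`, `password_last_set`, `owner`, `last_login`) are constructed, and a real directory or IdP export would need its own column mapping. The default-credential check uses a common audit heuristic: a password last set on the day the account was created has never been changed from its initial value.

```python
"""Access-control audit over a constructed account export (added example)."""
from datetime import date, timedelta

AUDIT_DATE = date(2024, 11, 15)  # constructed "today" so results are reproducible
STALE_AFTER = timedelta(days=90)

# Constructed export; field names are hypothetical.
ACCOUNTS = [
    {"user": "j.doe", "role": "analyst", "privileged": False, "mfa": True,
     "created": "2023-02-01", "password_last_set": "2024-09-10",
     "last_login": "2024-11-14", "owner": "j.doe"},
    {"user": "svc_backup", "role": "service", "privileged": True, "mfa": False,
     "created": "2022-05-20", "password_last_set": "2022-05-20",
     "last_login": "2024-11-13", "owner": ""},
    {"user": "admin2", "role": "admin", "privileged": True, "mfa": True,
     "created": "2021-01-05", "password_last_set": "2024-06-01",
     "last_login": "2024-03-01", "owner": "it-ops"},
    {"user": "contractor", "role": "analyst", "privileged": False, "mfa": False,
     "created": "2024-10-30", "password_last_set": "2024-10-30",
     "last_login": "2024-11-01", "owner": "procurement"},
]


def audit_accounts(accounts, today=AUDIT_DATE):
    """Return (user, finding) pairs for each policy violation found."""
    findings = []
    for a in accounts:
        created = date.fromisoformat(a["created"])
        pw_set = date.fromisoformat(a["password_last_set"])
        last_login = date.fromisoformat(a["last_login"])

        # Initial password never changed after provisioning: likely a default credential.
        if pw_set == created and today - created > timedelta(days=7):
            findings.append((a["user"], "initial/default password never changed"))

        # Privileged accounts must have MFA and a named owner who reviews their use.
        if a["privileged"] and not a["mfa"]:
            findings.append((a["user"], "privileged account without MFA"))
        if a["privileged"] and not a["owner"]:
            findings.append((a["user"], "privileged account has no named owner (unmonitored)"))

        # Dormant accounts are candidates for disabling at the periodic access review.
        idle = (today - last_login).days
        if today - last_login > STALE_AFTER:
            findings.append((a["user"], f"no login for {idle} days; review or disable"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_accounts(ACCOUNTS):
        print(f"{user:12s} {finding}")
```

Service accounts like the constructed svc_backup are the usual worst offenders: provisioned once, never rotated, excluded from MFA and without an owner, which is exactly the "unmonitored privileged account" the audit item warns about.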
Network Security: Examine firewall configurations, VPN access, intrusion detection systems,
and encryption practices to ensure secure data flow across networks.
Data Protection: Assess data storage, encryption, and backup strategies. Ensure that sensitive
data is adequately protected and only accessible to authorized personnel.
Physical Security: Verify the physical safeguards in place to protect IT infrastructure from
unauthorized access or environmental risks.
Incident Response and Recovery: Evaluate incident response plans, disaster recovery processes,
and backup systems to ensure the organization can quickly recover from security incidents.
Compliance with Standards: Check adherence to relevant industry standards and regulatory
requirements (e.g., ISO 27001, NIST, GDPR, etc.).
Employee Training and Awareness: Assess security training programs to ensure employees are
aware of policies and procedures and understand how to identify and report potential threats.
Vulnerability Scanners (e.g., Nessus, Qualys): Automated tools that scan for known
vulnerabilities in the system.
Penetration Testing Tools (e.g., Metasploit, Burp Suite): Used to simulate attacks and test the
effectiveness of defenses.
Compliance Management Tools (e.g., Vanta, LogicGate): Ensure systems and practices comply
with regulatory standards.
Log Analysis Tools (e.g., Splunk, LogRhythm): Analyze logs for unusual activities or patterns
that could indicate security issues.
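A concrete instance of the log analysis described above, as an added example that is not part of the notes and is not code from Splunk, LogRhythm or any other product: a sliding-window rule over sshd authentication lines that flags a source address after five failures inside sixty seconds and escalates if a later login from that address succeeds. The log lines are constructed in syslog style and use documentation addresses; the threshold and window are assumptions to tune per environment.

```python
"""Detect password brute-force patterns in sshd log lines (constructed example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd lines in syslog format; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
LOG_LINES = """\
Nov 12 03:14:01 host1 sshd[2231]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Nov 12 03:14:03 host1 sshd[2231]: Failed password for invalid user admin from 203.0.113.5 port 51123 ssh2
Nov 12 03:14:05 host1 sshd[2231]: Failed password for root from 203.0.113.5 port 51124 ssh2
Nov 12 03:14:06 host1 sshd[2231]: Failed password for root from 203.0.113.5 port 51125 ssh2
Nov 12 03:14:08 host1 sshd[2231]: Failed password for root from 203.0.113.5 port 51126 ssh2
Nov 12 03:14:20 host1 sshd[2240]: Accepted password for root from 203.0.113.5 port 51130 ssh2
Nov 12 03:20:11 host1 sshd[2301]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Nov 12 03:25:30 host1 sshd[2310]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse(line, year=2024):
    """Return (timestamp, result, user, ip) or None for lines that are not auth events."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog omits the year
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(lines, threshold=5, window_s=60):
    """Sliding-window count of failures per source IP; escalate on a later success."""
    alerts = []
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    flagged = set()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        q = recent[ip]
        if result == "Failed":
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window_s:
                q.popleft()  # drop failures that fell out of the window
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(f"{ip}: {len(q)} failed logins within {window_s}s (possible brute force)")
        elif result == "Accepted" and ip in flagged:
            alerts.append(f"{ip}: successful login as {user} after brute-force pattern; investigate")
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(LOG_LINES):
        print(a)
```

The single failure from alice followed by a key-based login is normal user behaviour and produces nothing; the second alert, a success for root from an address already flagged, is the one that should page someone, since a burst of failures alone is background noise on any Internet-facing host.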
Risk Identification: Uncover potential risks and vulnerabilities within the organization.
Improved Security Posture: Strengthen defenses by addressing weak points found during the
audit.
Compliance Assurance: Help organizations meet regulatory and industry standards, reducing the
risk of fines or penalties.
Data Protection: Enhance measures to protect sensitive data from breaches and unauthorized
access.
Cost Savings: Prevent costly incidents by identifying and addressing vulnerabilities before they
can be exploited.
Resource Constraints: Security audits require skilled personnel, time, and budget, which can be
challenging to allocate.
Complex Environments: Large organizations with complex IT environments may find it difficult
to audit all systems thoroughly.
Rapidly Evolving Threats: New threats emerge regularly, making it necessary for security audits
to be conducted frequently to stay effective.
Human Error: Incorrect assumptions or missed steps during the audit can result in overlooked
vulnerabilities.
Remediation Plan: Based on the audit findings, create a remediation plan to address
vulnerabilities. Prioritize high-risk areas.
Ongoing Monitoring: Establish monitoring practices for critical assets to detect and respond to
future threats.
Continuous Improvement: Use audit insights to refine security policies and procedures over
time, adapting to new threats and regulatory changes.
Re-Audit: Schedule periodic follow-up audits to ensure improvements have been implemented
effectively and to identify any new vulnerabilities.
Security audits are essential for maintaining a robust security posture, protecting data, and ensuring
regulatory compliance. Regular audits can help organizations proactively manage risks and adapt to the
evolving cybersecurity landscape.
EMERGING THREATS
Artificial Intelligence (AI)-Driven Attacks: Cybercriminals are increasingly using AI and machine
learning to enhance their attack methods. AI can be used to automate attacks, evade detection systems, or
even mimic user behavior, making phishing and social engineering attacks more convincing and
sophisticated.
Deepfakes and Synthetic Media: Deepfake technology, which uses AI to create realistic but fake
audio, video, or images, is being used for fraudulent purposes. This includes impersonating individuals to
gain access to sensitive information or systems, which can compromise organizations and individuals.
Ransomware-as-a-Service (RaaS): With RaaS, cybercriminals rent out ransomware tools to other
attackers, making it easier for inexperienced hackers to deploy ransomware. Ransomware is becoming
more targeted, with attacks often aimed at specific organizations with high-value data.
Internet of Things (IoT) Vulnerabilities: As IoT devices proliferate in homes, industries, and critical
infrastructures, they become a target for cybercriminals. Many IoT devices have weak security controls,
making them vulnerable to attacks that can compromise entire networks or enable remote surveillance.
5G Security Risks: The expansion of 5G technology brings higher speeds and more connectivity but
also introduces new security challenges. The broader network exposure and increased number of
connected devices make it easier for attackers to target and exploit vulnerabilities.
Cloud Security Threats: With more organizations moving data and applications to the cloud, data
breaches, misconfigurations, and unauthorized access to cloud environments are increasing.
Vulnerabilities in cloud infrastructure and insecure APIs are also critical concerns.
Quantum Computing Threats: As quantum computing advances, there is a risk that quantum
computers will eventually break current encryption algorithms, compromising data security. While
large-scale quantum computing is not yet widely available, preparations for post-quantum cryptography
are underway.
Supply Chain Attacks: Attackers are increasingly targeting vendors and service providers to
compromise their customers. By infiltrating software or hardware supply chains, attackers can gain
access to multiple organizations at once, as seen in the SolarWinds breach.
Zero-Day Exploits: Attackers continue to find and exploit previously unknown vulnerabilities
(zero-day exploits) before they are patched. These attacks are often difficult to detect and can be
devastating, as they capitalize on flaws in widely used software or systems.
Insider Threats: Malicious or careless actions by employees, contractors, or trusted partners can lead
to significant security breaches. With the rise of remote work, managing insider threats has become more
complex due to less oversight and physical control over data access.
Social Engineering via Advanced Phishing Attacks: Cybercriminals use more targeted and
sophisticated phishing techniques, such as spear phishing and business email compromise (BEC), often
leveraging AI to make their attacks more convincing and personalized.
Social Media Manipulation and Misinformation: Manipulating public opinion and spreading
misinformation through social media has become an important tool in cyber warfare. False narratives can
harm individuals, businesses, and political entities, and can create panic or influence decision-making.
LAWS AND REGULATIONS
General Data Protection Regulation (GDPR): Enforced in the EU, GDPR sets stringent
requirements for data collection, storage, and processing, particularly for personal data. It
mandates data minimization, user consent, and a high standard of security. Non-compliance can
result in heavy fines.
California Consumer Privacy Act (CCPA): Applicable in California, CCPA gives residents
rights over their data, including the right to know what data is collected and the right to request
data deletion. Businesses must disclose data collection practices and secure personal data.
Health Insurance Portability and Accountability Act (HIPAA): In the U.S., HIPAA applies to
healthcare providers, insurers, and their partners, setting security and privacy standards for
handling health information. It mandates data encryption, secure access, and breach notification.
Personal Data Protection Act (PDPA): Found in several countries (e.g., Singapore, Thailand),
PDPA sets privacy standards for handling personal data and includes consent, purpose limitation,
and security requirements.
Cybersecurity Information Sharing Act (CISA): In the U.S., CISA encourages companies to
share information about cyber threats with the government to enhance cybersecurity practices
while providing liability protection for the data shared.
NIST Cybersecurity Framework: While not a law, the National Institute of Standards and
Technology (NIST) framework is a voluntary set of guidelines widely adopted in the U.S. It
outlines best practices for identifying, protecting, detecting, responding to, and recovering from
cyber incidents.
Computer Fraud and Abuse Act (CFAA): U.S. law that criminalizes unauthorized access to
computer systems and data. It is primarily used to prosecute hackers and insiders who access
systems without permission.
Cybercrime Laws: Many countries have their own cybercrime laws that prohibit activities like
hacking, identity theft, and the spread of malware. Examples include the Computer Misuse Act
in the UK and the Information Technology Act in India.
Payment Card Industry Data Security Standard (PCI-DSS): PCI-DSS is a global standard for
companies that handle credit card data. It outlines security practices for data protection, including
encryption, secure access, and regular audits.
Gramm-Leach-Bliley Act (GLBA): In the U.S., this act mandates financial institutions to protect
consumer information. It requires them to inform customers of data collection and sharing
practices and implement data security safeguards.
Federal Information Security Management Act (FISMA): A U.S. law that requires federal
agencies and contractors to secure information systems and implement risk management
protocols. Agencies must have documented cybersecurity plans and continuous monitoring
practices.
Telecommunications Regulations: Many countries regulate telecommunications for national
security purposes. For example, the Communications Assistance for Law Enforcement Act
(CALEA) in the U.S. requires telecoms to assist law enforcement in lawful interception of
communications.
Data Breach Notification Laws: Many jurisdictions require organizations to notify affected
individuals and relevant authorities following a data breach. GDPR mandates breach notifications
within 72 hours, while various U.S. states have laws that mandate prompt disclosure.
Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA): In the U.S., this act
requires critical infrastructure companies to report cyber incidents to the Cybersecurity and
Infrastructure Security Agency (CISA) to improve national security response.
Organizations should establish robust ICT security policies to manage and mitigate internal and external
security risks. Key policies include:
Access Control Policy: Defines who can access what data and resources based on role,
department, or project. This includes password policies, multi-factor authentication requirements,
and periodic access reviews.
Acceptable Use Policy (AUP): Sets rules for employees on acceptable use of company assets,
networks, and data. It helps prevent misuse and ensures systems are used only for authorized
purposes.
Data Protection and Privacy Policy: Outlines data handling, storage, and protection practices in
compliance with relevant privacy laws. It should include data encryption, anonymization, and
secure disposal practices.
Incident Response Policy: Details the process for identifying, managing, and reporting security
incidents. This policy should specify roles, responsibilities, and protocols for quick response to
security breaches.
Disaster Recovery and Business Continuity Plan (DRBCP): Ensures that the organization can
continue operations and recover critical systems following a disaster or significant disruption.
Remote Work Security Policy: Given the rise in remote work, this policy outlines secure
practices for remote access, such as using VPNs, securing personal devices, and monitoring
network access.
Employee Security Training Policy: Establishes a regular schedule for training staff on
cybersecurity awareness, phishing prevention, and safe handling of data.
Copyright and Trademark Laws: Protect digital content, software, and branding from
unauthorized use or reproduction. This is essential for companies relying on proprietary
technology and digital products.
Trade Secret Laws: Protect confidential business information, software, and data that provide a
competitive edge. Proper security policies should restrict access to trade secrets and establish
NDA (non-disclosure agreement) requirements.
Code of Conduct: Many organizations establish ethical guidelines for employees to prevent
misuse of data and systems. These policies address issues like employee privacy, ethical use of
data, and the organization's role in protecting customer information.
Environmental and Social Governance (ESG): Increasingly, ICT policies address the
environmental impact of technology use, aiming to reduce waste and energy use and to support
digital responsibility.
ENVIRONMENTAL THREATS
1. Natural Disasters
Threats: Earthquakes, floods, hurricanes, tornadoes, wildfires, and volcanic eruptions can
physically damage data centers, disrupt power supplies, and impair access to IT facilities.
Mitigation:
o Use geographically dispersed data centers to ensure backup sites remain unaffected if
one region is impacted.
o Implement disaster recovery plans that include data backup, emergency response, and
business continuity procedures.
o Design data centers with earthquake-resistant infrastructure and flood barriers in
vulnerable locations.
o Regularly test business continuity and disaster recovery plans to ensure they function
effectively under various scenarios.
2. Extreme Weather
Threats: Unusual heatwaves, cold snaps, and storms can strain cooling systems, disrupt power
supplies, and increase energy costs.
Mitigation:
o Invest in redundant cooling and power systems to handle extreme weather, such as
backup generators and high-efficiency cooling units.
o Monitor server room temperature and humidity levels using environmental monitoring
systems to ensure ideal operating conditions.
o Opt for cloud services that offer high availability and redundancy, as they distribute
resources across multiple regions.
3. Climate Change
Threats: Climate change contributes to the increasing frequency and severity of natural disasters
and extreme weather events, creating long-term risks for IT infrastructure.
Mitigation:
o Plan for sustainable IT practices, including energy-efficient data centers, reducing
carbon footprints, and investing in renewable energy sources.
o Conduct environmental risk assessments when planning new data centers, focusing on
long-term risks associated with climate change.
o Virtualize servers and use cloud solutions to reduce physical hardware dependency and
mitigate risks linked to hardware exposure to extreme conditions.
4. Power Outages
Threats: Blackouts and brownouts can disrupt IT operations, leading to downtime and data loss.
Power grids can be compromised by extreme temperatures, storms, or human error.
Mitigation:
o Use uninterruptible power supplies (UPS) and backup generators to maintain power
during outages.
o Design IT infrastructure to failover to secondary power sources in case of prolonged
outages.
o Adopt energy-efficient hardware and manage power consumption to minimize the load
on electrical systems.
5. Water Damage
Threats: Flooding, leaks, and high humidity can damage electronic equipment, leading to
malfunctions and data loss.
Mitigation:
o Elevate data centers or install waterproofing measures, especially in flood-prone areas.
o Implement dehumidifiers and monitor humidity levels within server rooms to maintain
optimal conditions.
o Set up automated leak detection systems to monitor for water ingress in data centers.
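The environmental monitoring called for under extreme weather (temperature and humidity) and under water damage (automated leak detection) comes down to an alerting rule over sensor readings. The example below is added here and is not part of the notes or of any monitoring product: the readings, the thresholds (27 C alert, 25 C clear, 60% RH alert, 55% clear, three consecutive samples) and the sensor layout are constructed assumptions. It shows the two details that matter in practice: a sustain count so one spiky sample does not page anyone, hysteresis so an alert does not flap on and off around the threshold, and no damping at all on the leak sensor, where a single reading is enough.

```python
"""Server-room environmental alerting with sustain and hysteresis (constructed example)."""
from dataclasses import dataclass


@dataclass
class Thresholds:
    temp_high_c: float = 27.0   # alert when inlet temperature reaches this (assumed limit)
    temp_clear_c: float = 25.0  # hysteresis: temperature alert clears only below this
    hum_high: float = 60.0      # relative humidity, percent
    hum_clear: float = 55.0
    sustain: int = 3            # consecutive out-of-range samples before alerting


# Constructed one-minute readings: (minute, temp_c, humidity_pct, leak_detected).
READINGS = [
    (0, 22.5, 45, False), (1, 22.8, 46, False),
    (2, 27.5, 47, False),  # single-sample spike: must not alert
    (3, 24.0, 47, False),
    (4, 27.6, 48, False), (5, 28.1, 49, False),
    (6, 28.4, 50, False),  # third consecutive hot sample: temperature alert
    (7, 26.0, 50, False),  # still above the clear threshold: alert stays active
    (8, 24.5, 50, False),  # below the clear threshold: alert clears
    (9, 24.0, 52, True),   # leak sensor: immediate alert, no damping
]


def evaluate(readings, th=None):
    """Return (minute, message) events produced by the alerting rules."""
    th = th or Thresholds()
    events = []
    run = {"temp": 0, "hum": 0}        # consecutive out-of-range samples per metric
    active = {"temp": False, "hum": False}
    for minute, temp, hum, leak in readings:
        if leak:
            events.append((minute, "LEAK sensor triggered: immediate response required"))
        for name, value, high, clear in (
            ("temp", temp, th.temp_high_c, th.temp_clear_c),
            ("hum", hum, th.hum_high, th.hum_clear),
        ):
            if not active[name]:
                run[name] = run[name] + 1 if value >= high else 0
                if run[name] >= th.sustain:
                    active[name] = True
                    events.append((minute, f"{name.upper()} high: {value} sustained for {run[name]} samples"))
            elif value < clear:  # only a drop below the lower bound clears the alert
                active[name] = False
                run[name] = 0
                events.append((minute, f"{name.upper()} back to normal: {value}"))
    return events


if __name__ == "__main__":
    for minute, msg in evaluate(READINGS):
        print(f"t+{minute:02d}min  {msg}")
```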
6. Fire
Threats: Fire, either from external sources or internal equipment malfunctions, can destroy
physical infrastructure and data. Smoke can also corrode sensitive electronic components.
Mitigation:
o Install fire suppression systems (e.g., gas-based suppression) in server rooms to
extinguish fires without damaging equipment.
o Conduct regular fire safety inspections and maintain a safe, organized workspace to
reduce fire risk.
o Use heat and smoke detectors with automated alerts to enable quick response.
7. Electromagnetic Interference (EMI)
Threats: Electromagnetic fields generated by nearby industrial equipment, radio towers, or even
other IT equipment can disrupt or damage sensitive hardware.
Mitigation:
o Place critical equipment in shielded areas to minimize exposure to external
electromagnetic sources.
o Avoid placing IT infrastructure near high-power equipment that generates EMI.
o Use EMI-resistant hardware and cables to reduce susceptibility to interference.
8. Pest Infestation
Threats: Rodents, insects, and other pests can damage wiring, contaminate equipment, and even
cause power failures or system malfunctions.
Mitigation:
o Keep server rooms clean, and avoid food or open waste bins near equipment to deter pests.
o Regularly inspect IT facilities for pest activity, and consider routine pest control
services.
o Protect cables and equipment in sealed, pest-resistant enclosures.
9. Air Quality and Dust
Threats: Pollutants, dust, and particulates in the air can accumulate in sensitive equipment,
causing overheating, short circuits, or corrosion.
Mitigation:
o Use air filtration systems and regularly clean data centers to reduce dust and pollutants.
o Install environmental monitoring to track air quality, temperature, and humidity.
o Choose data center locations with minimal exposure to air pollutants and dust sources.
10. Regulatory and Sustainability Pressure
Threats: Organizations face increasing regulatory and public pressure to adopt sustainable
practices, reduce energy consumption, and lower emissions. Failure to comply can lead to
reputational damage or fines.
Mitigation:
o Develop sustainability initiatives, like using renewable energy and efficient cooling
solutions, and implement carbon offset programs.
o Opt for green-certified data centers and follow regulatory requirements to maintain
compliance.
o Use energy-efficient hardware and implement server virtualization to reduce the
physical server count and energy use.
GENERAL MITIGATION MEASURES
Data Backup and Cloud Solutions: Regularly back up data to geographically diverse locations
or cloud services, reducing dependence on a single physical location.
Regular Risk Assessments: Conduct assessments to understand potential environmental threats
and update mitigation measures as conditions change.
Business Continuity and Disaster Recovery Planning (BCDR): Have a BCDR plan that
includes environmental threats, specifying recovery times and alternative sites.
Employee Training: Train employees to follow safety protocols, monitor environmental systems,
and understand disaster recovery procedures.
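A backup is only a mitigation if it can be shown to be intact, which ties the "strong backup strategies" listed under malware above to the data backup item in this list. The following is an added example, not part of the notes: it records a SHA-256 manifest of a backup set and later compares the live files against it, so that files altered in place (as ransomware does), deleted, or newly introduced are all reported. The directory layout, file contents and the simulated in-place corruption are constructed inside a temporary directory so the script runs offline.

```python
"""Backup integrity manifest: build, then verify after tampering (constructed example)."""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file (path relative to root, POSIX form) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the current tree with a stored manifest; report every discrepancy."""
    current = build_manifest(root)
    return {
        "changed": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "added": sorted(k for k in current if k not in manifest),
    }


def demo() -> dict:
    """Constructed scenario: snapshot a small tree, corrupt it, then verify against the manifest."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "docs").mkdir()
        (root / "docs" / "report.txt").write_text("quarterly figures\n")
        (root / "config.ini").write_text("[db]\nhost=localhost\n")
        manifest = build_manifest(root)  # would normally be stored with the backup, off-host

        # Simulated damage: one file overwritten in place, one deleted, one unknown file dropped in.
        (root / "docs" / "report.txt").write_bytes(b"\x00\x11not-the-original-content")
        (root / "config.ini").unlink()
        (root / "README_RESTORE.txt").write_text("constructed stand-in for a ransom note\n")
        return verify_manifest(root, manifest)


if __name__ == "__main__":
    print(demo())
```

Store the manifest (and the backups themselves) where the systems being backed up cannot overwrite them; a manifest kept alongside writable data would be altered together with the files it is supposed to vouch for.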