Building a Cyber-Security Policy

1073 Words3 Pages
bulb-icon

Recommended: Why cyber security is important

Organizations which rely on network infrastructure for their business operation must utilize security technology to protect the network from harmful actions of automated attacks as well as malicious human activity. It is also important to enact policies and guidelines for the employees of the organization, which in many regards can be the weakest link in the chain of security. According to a survey by The Ponemon Institute (2012), “78 percent of respondents said their organizations have experienced a data breach as a result of negligent or malicious employees or other insiders” (p.1). A statistic like this points to the need for comprehensive policies that detail the company’s expectations and mandates for specific situations relating to cybersecurity.
Policy Considerations
In order for a cybersecurity policy to be successful, it should cover every conceivable situation (Easttom, p.201, 2012). Security events that are not associated with a policy are likely to not be handled as efficiently as an event that does have a policy. Policies reduce or eliminate uncertainty over the expected way a security event is to be dealt with. A successful cybersecurity policy will restrict actions enough to facilitate a secure network while avoiding mandates which restrict behavior so tightly that employees will become resentful or find ways to circumvent the policies. When considering specific policies, it is important to not create policies that are unclear or open to interpretation. Instead, each policy should be as specific as possible, leaving little room for interpretation or misunderstanding.
Cybersecurity policies can be in the form of advisory or compulsory. Policies that are advisory are suggested, but not enforced. An advisory polic...

... middle of paper ...

..., the company’s security policies will undergo a review by management and the IT staff on a biannual schedule. By a process of periodic review, the company’s cybersecurity policies will remain relevant and effective, even as circumstances change over time.

References
Cisco. (2005). Network Security Policy: Best Practices White Paper. Retrieved January 19, 2014 from http://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper
09186a008014f945.shtml
Easttom, C. (2012). Computer security fundamentals. Indianapolis. Pearson.
Microsoft. (2012). Strong Passwords. Retrieved January 19, 2014 from http://technet.microsoft.com/en-us/library/ms161962.aspx
Ponemon Institute. (2012). The Human Factor in Data Protection. Retrieved January 19, 2014 from http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt_trend-micro_ponemon-survey-2012.pdf

Show More
Related

  • Catastrophic Telecommunications Cyber Attacks Are Impossible

    878 Words  | 2 Pages

    and their use. In Committee on Deterring Cyber attacks: Informing Strategies and Developing Options (Ed.), Proceedings of a Workshop on Deterring Cyber attacks: Informing Strategies and Developing Options for U.S. Policy. Washington, D.C.: National Academies Press.

    Read More

  • Overview of Network Security

    868 Words  | 2 Pages

    Roberts, Richard M. "Network Secrurity." Networking Fundamentals. 2nd ed. Tinley Park, IL: Goodheart-Willcox, 2005. 599-639. Print.

    Read More

  • Description of Layered Security

    1220 Words  | 3 Pages

    Stewart, J. M. (2011). Network Security, Firewalls, and VPNs. Burlington: Jones & Bartlett Learning, LLC.

    Read More

  • Homeland Security: The Mission Of Homeland Security

    1035 Words  | 3 Pages

    Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day to day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable in ensuring all of the rules and policies are being followed, as well as, understanding their roles, responsibilities and functions. Organizations information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is error and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what

    Read More

  • Asset Identification and Classification Policy

    2977 Words  | 6 Pages

    ...the marketplace, increase profit, and comply with both external and internal policies and procedures, including federal laws and regulations. It is imperative before an organization begins to discuss, design or implement policies a clear understanding of hardening and the benefits of a layered defense at key “point on the network (public and private), at the server, and at the desktop. Policies written by an organization, which encompasses guidelines or mandates from a government entity are therefore ensure a layered approach.

    Read More

  • Cyberespionage Prevention Essay

    854 Words  | 2 Pages

    As demonstrated by the examples above, these attacks can be extremely difficult to detect and mitigate. This highlights the need to ensure that all employees in an organization are aware of the threat these attacks present and are familiar with ways to stop them. Implementing the techniques mentioned above along with other proven methods will ensure that organizations are equipped to defend themselves against cyberespionage attacks.

    Read More

  • Persuasive Essay On Cyber Security

    1284 Words  | 3 Pages

    In recent years, many possible plans to enact government regulation to improve cybersecurity have been suggested. Most recently, in 2017, then U.S. president Barack Obama implemented the Cybersecurity National Action Plan (CNAP). The plan would have invested $19 billion in cybersecurity by gathering experts to make recommendations in regards to cyber security, help secure the government IT group, and encourage more advanced security measures (Daniel 1). However, while CNAP does present a way to solve the problem, it just adds another program that attempts to enhance cybersecurity: “It is the multiplicity of programs and division of responsibility that diminishes their effectiveness. At least eleven federal agencies bear significant responsibility for cybersecurity” (Cohen 1). Every so often, another cybersecurity program will be established, but former plans are seldom removed. This leads to a large amount of departments to share responsibility, which creates general confusion and limits each department’s power. Furthermore, widespread government regulation may weaken cybersecurity. Many fear that any regulation would not be flexible enough and would instead allow easier hacking (Ridge 3). If every system in the entire nation had the same security measures, it would be much easier to break into as by breaking into one system, a hacker a could break into everything.

    Read More

  • Building a secure network

    788 Words  | 2 Pages

    Building and Designing a network can long and tedious task. The time and development of security policies is a process that can equal the creation time of the network topology. The security implementations to secure the infrastructure must be based of best practices. Network administrators and users all must become a cohesive force in the protection of the network.

    Read More

  • Cybersecurity: The Importance of Computer Security in Every Business

    1099 Words  | 3 Pages

    Although all of the legal parameters are not presented to the public, they maintain common ethical standards to protect our citizens. I don’t think cybersecurity receives enough recognition for their contribution to this nation’s security. The training is extensive, the skills are mandatory, and the mistakes are catastrophic, so a lot of pressure is placed on the employees in this field. Cybersecurity may never fully be understood by someone who is not tangibly involved, but the dedication and effort cybersecurity provides is priceless. Computer security is a must and without it all things could fall apart.

    Read More

  • Impact of Cyber Security Vulnerability on Organizations

    1270 Words  | 3 Pages

    Li, P. D. (2014). Information and Computer Security. International Journal of Information and Computer Security, 3-7.

    Read More

  • Corporate Network Management

    1882 Words  | 4 Pages

    Melford, RJ 1993, 'Network security ', The Internal Auditor, vol. 50, no. 1, p. 18.

    Read More

  • Security Rules And Regulations

    1031 Words  | 3 Pages

    Businesses today face the ever evolving technological changes that are required to maintain network security and data privacy while complying with applicable legalities. As an information security manager for a large sporting goods store I am responsible for protecting the organization’s computers, networks and data against threats and security breaches, attacks by cyber-criminals and computer viruses. The details of the job of an information security manager is to evaluate the organization’s security measures to include firewalls, passwords, logins, malware, antivirus, along with any weak points that may make the information systems vulnerable to attack. Our organization focuses on an array of data to include health records of health screenings,

    Read More

  • The Importance Of Network Planning

    1374 Words  | 3 Pages

    A critical part of network planning involves setting up of security mechanisms. Deploying the network with security configuration provides superior visibility, continuous control and advanced threat protection across the extended network. Additionally, security procedures define policies to monitor the network for securing critical data, obtain visibility, mitigate threats, identify and correlate discrepancies.

    Read More

  • Importance of Cyber Security

    1732 Words  | 4 Pages

    The nation has become dependent on technology, furthermore, cyberspace. It’s encompassed in everything we deliver in our daily lives, our phones, internet, communication, purchases, entertainment, flying airplane, launching missiles, operating nuclear plants, and implicitly, our protection. The more ever-growing technology empower Americans, the more they become prey to cyber threats. The United States Executive Office of the President stated, “The President identified cybersecurity as one of the top priorities of his administration in doing so, directed a 60-day review to assess polices.” (United States Executive Office of the President, 2009, p.2). Furthermore, critical infrastructure, our network, and internet alike are identified as national assets upon which the administration will orchestrate integrated cybersecurity policies without infringing upon and protecting privacy. While protecting our infrastructure, personal privacy, and civil liberties, we have to keep in mind the private sector owns and operates the majority of our critical and digital infrastructure.

    Read More

  • What are the security problems and solutions of the Internet?

    1381 Words  | 3 Pages

    Companies and organizations with highly confidential information will have sets of security policy with consideration of human factor to protect their network.

    Read More

More about Building a Cyber-Security Policy

Open Document