Cyber security Policies for the 21st Century
Introduction
Cybersecurity policy is a document that outlines the guidelines, principles, rules, regulations, and general procedures that have been formulated and finally adopted by an organization to help it protect its network infrastructure from cybersecurity threats and vulnerabilities. The policy identifies all the critical infrastructure and assets that require protection and sets out the responsibility of the staff to protect the organization's information assets. The employees are thus required to strictly adhere to the provisions of the document and to the accountability guidelines it provides. At the same time, the policy must comply with the relevant legal and regulatory guidelines relating to information use.
A Successful Cyber Security Policy
- A successful cybersecurity policy is that which has properly identified the purpose, scope, and general objectives of the policy document. It must also provide guidelines on how various threats and vulnerabilities will be addressed (Goodman, Straub & Baskerville, 2016).
- In addition, a successful cybersecurity policy should contain guidelines for legal and institutional compliance, protocols for change management, roles and responsibilities of the organization's staff, and procedures and policies relating to organizational, information, asset, control, and personnel security.
- Another key feature of a successful cybersecurity policy is that it must outline the network and communication management guidelines, information relating to the physical environment as well as the business continuity plan (Goodman, Straub & Baskerville, 2016).
- Of great importance is the need to have a structure for approving any change to the policy within the organization's framework. With all these elements, a cyber-security policy should be able to achieve its goals, purpose, and objectives of protecting the organization's network infrastructure from potential cybersecurity threats and vulnerabilities.
The Ingredients of a Typical Cyber Security Policy
The ingredients of a typical security policy are the key components that must be captured in a cyber-security policy document. It must thus outline the acceptable behavior of the employees and the appropriate use of the IT infrastructure and resources of the organization. It must outline the principles, guidelines, regulations, and expectations of each member of the organization when undertaking their respective roles and responsibilities (Knapp, Morris, Marshall & Byrd, 2015). The policy should also provide a recommendation on the possible punishment and disciplinary measures that would be taken against any employee who violates the provisions of the cybersecurity policy.
A typical cybersecurity policy must provide for appropriate training and awareness creation so that employees remain familiar and well conversant with all content of the policy. It must also outline the relevant techniques and processes that would be followed to ensure that all current threats and vulnerabilities are brought to the attention of all employees of the organization (Quigley, Burns & Stallard, 2015). Another key ingredient of a typical cybersecurity policy is an incident handling and response procedure that would be followed in case of a cyber-security threat or vulnerability. There should be a clearly defined procedure for handling all security breaches and the respective responsibilities of each staff member in the organization.
A typical security policy should also define configurations for critical security systems. These should include which services should be running on which networks, account management policies, password configurations, database policies, and firewall policies. There must be clearly defined roles of all staff within the organization on security accountability to facilitate the smooth coordination of activities and processes (Safa, Von Solms & Furnell, 2016). In addition, a typical cybersecurity policy must define physical and logical access control protocols for the organization's premises, assets, resources, and infrastructure.
Another key ingredient of a typical cybersecurity policy is a network security policy outlining the protocols to be followed to secure the remote access points, relevant IP addresses, configurations, network intrusion detection protocols, remote network access policies, and control systems (Štitilis, Pakutinskas & Malinauskaitė-van de Castel, 2016). It should also contain guidelines for legal and institutional compliance, change management procedures, roles and responsibilities of the organization's staff, organizational policies and procedures, information security policy and procedures, asset management policy and procedures, control policy and procedures, and personnel security policy and procedures.
How the Various Elements of a Cyber Security Policy should be Articulated
The first element of a cyber-security policy is the purpose statement that outlines the rationale behind the cybersecurity policy document. It must, therefore, establish the general guiding principles of the cybersecurity policy that would be used to detect and prevent any potential cybersecurity threat and vulnerability, so as to uphold the integrity, reputation, and credibility of the information system (Štitilis, Pakutinskas & Malinauskaitė-van de Castel, 2016).
The scope statement element articulates the general boundaries covered by the cybersecurity policy document in terms of threats, vulnerabilities, systems, data, use, and the roles and responsibilities of the employees of the organization. The cybersecurity objectives element outlines the goals and aims of cybersecurity and the general outcome that the document should achieve in terms of confidentiality, integrity, and availability of the information system infrastructure (Quigley, Burns & Stallard, 2015). The element of authorization and access control provides the hierarchy of authorization, authentication, and access to the data and information in the system.
The element of data classification is articulated by separating classified information from less significant information to draw the boundary between high-risk, lower-risk, public, and confidential data. The element of data support and operation is articulated in a manner that outlines the data protection guidelines and regulations, such as patching, backup, data transmission, encryption, firewall, and anti-malware (Safa, Von Solms & Furnell, 2016).
The security awareness sessions element of the cybersecurity policy outlines the methods and techniques that would be used to institutionalize the policy among the staff and make the policy part of the organizational culture through training programs. The element of rights, responsibilities, and duties of the staff in the organization outlines accountability through delegation of duties to qualified staff (Quigley, Burns & Stallard, 2015). The element referencing the relevant legislation is articulated to ensure that the cybersecurity policy document does not violate any established laws and regulations.
What Considerations Should There Be In Order To Successfully Implement The Policy?
For an organization to successfully implement a cyber-security policy, it is important to take into consideration issues relating to the compliance of the policy with all relevant legislation and regulations in the information security sector. Of great significance is that the policy should not infringe or violate the privacy, rights to information, and confidentiality of individuals (Knapp, Morris, Marshall & Byrd, 2015). Equally, an organization should consider the nature of the IT infrastructure, assets, and resources that need to be protected by the policy. It must then provide the policies and procedures that are appropriate to the assets and infrastructure to be protected, taking into consideration the potential threats and vulnerabilities inherent to each infrastructure and asset.
It must also prioritize all the risks, threats, and vulnerabilities, as well as the importance of the infrastructure, so that resources are allocated based on the likelihood of threats, vulnerabilities, harm, and damage to the organization's IT resources and infrastructure. The activities of the employees, their roles, and their responsibility in protecting the organization's infrastructure must also be considered when developing a cyber-security policy (Goodman, Straub & Baskerville, 2016). The policy should be designed in such a way that it acknowledges the weaknesses and vulnerabilities posed by the employees as well as their capabilities, skills, competence, and ability to implement the policy to secure the assets, resources, and infrastructure of the organization.
How to Assure the Ongoing Success of the Policy
In order to ensure that the cybersecurity policy is achieving success, it is important to measure the outcomes of the policy and then compare them with the intended goals, purpose, and objectives. Thus, a successful cybersecurity policy must be realistic and fully comply with the relevant laws and regulations (Safa, Von Solms & Furnell, 2016). In addition, the level of acceptance of the policy among the staff and management, how easily it is followed and implemented by the staff, and the ease of following all the provisions of the policy can be possible indicators of a successful cybersecurity policy.
Positive feedback from staff, an increased level of satisfaction, and reduced cybersecurity threats and vulnerabilities are also possible indicators of a successful policy. The relevance of the policy to the activities, operations, processes, threats, and vulnerabilities of the organization will also indicate that the policy is successful (Quigley, Burns & Stallard, 2015). The practicality and attainability of the goals and objectives, the alignment of the purpose with the operations and processes of the organization, and the inclusivity and flexibility of the policy for future changes and alterations are also possible indicators of a successful cybersecurity policy.