Information Security Policies, Procedures, and Cybersecurity

Cyber Security
Name:
Institution:
Course:
Date:
Introduction
As a cyber-security professional, having the in-depth knowledge of the industry is a key element to helping the company stay ahead of the risks within the cyberspace (Bou-Harb, Lakhdari, Binsalleeh & Debbabi, 2018). This means as a professional, it is not only the technical knowhow that counts but also being informed on all the current news and developments within the industry (Lai, Chen, Liu, Yang & Li, 2018). Being in a position to identify the system vulnerabilities in the organization through risk management strategies and reducing their impact on the operations of the organization are key elements of the daily responsibilities of a cybersecurity professional (Casey, Katz & Lewthwaite, 2018). To achieve this, there is need for there to be some established policies, procedures, standards, guidelines as well as controls within the organization. These are the pillars for achieving the cybersecurity objectives. Every other employee also needs to understand the impact that this has on the organization and as such, follow guidelines established for every other operation.
Terminology
To better understand the impact that the various elements have in any organization relative to cyber security, it is important to establish the meaning of the main elements. Policy for example relates to the set of plans or ideas which have been used as the basis for making various decisions within the organization (Food and Agriculture Organization, 2018). This is especially the case where, aspects such as business, economic and politics are concerned. On the other hand standards are quite different, given that they refer to a level of quality or even achievement that is considered acceptable. It important to note that, standards are more of level of quality that are considered to be achieved by ever other employee in the organization. For example, standards in the security practices, may require that only staff within the IT department have clearance for certain activities on the system. At the same time the IT staff may also have different levels of clearance, which are strict standards that have to be followed without question. Policies are the basis on which such decisions to for the different levels of clearance. Procedure on the other hand relates to a way of doing something. For example when accessing the database, there are the steps that every other staff has to follow to gain access. This is different from standards, given that the latter is associated with quality levels. Procedure is more of the steps that are designed and established to be the correct way of a given process. This can also be associated with the steps that an IT professional at the company will follow to determine if the system has been compromised. Guidelines are on the other hand considered principles that set the standards or used in the determination of the course of action. Control in an organization relates to the power to make important decisions. It is more of the authority that exists within the different ranks to make the decisions within the organization and all of the above (Collins Dictionary, 2018).
‘Cyber criminals are endlessly innovative and the threats they represent change constantly, so it is important to keep your security practice evolving in order to combat these threats. Bringing in experts can give your company an enormous advantage. When it comes to cybersecurity, economy of scale works wonders on the efficiency of industry-specific policies, since sector-wide patterns and statistics can be leveraged to create robust, flexible defense infrastructure. Plus, you gain the benefit of experience—there is no need to learn from your mistakes when you can learn from those of others. When millions of dollars in damages could potentially be on the line, those who invest in the right preparation beforehand consistently come out on top.’ (Kozloski, 2016)
Policy Characteristics
For an organization to experience success in the implementation of the various programs and the execution of every other procedure, the basis lies in the quality of the policies (Bendiola, 2013). There are various characteristics which are associated with a good policy as follows. These are characteristics that can be used in any given organization to determine their level of quality with their policies and what to expect in their implementation.
1 One of the basic characteristic of a good policy is the level of endorsement. This is to mean that all of the parties who will interact with the policy understand and support it. Where a policy does not take into consideration of the parties that are going to be interacting with it such as the support staff, there are very high chances of failure. These are associated with sabotage or simply staff being in a state where they do not have the understanding of the intention and application (Bendiola, 2013).
2 A policy should also be flexible in a manner that accommodates changes now and in the future. Organizations are dynamic, an element that is reflective of the environments in which they operate internally and externally. The level of adaptability determines the success of the policy when dimensions shift (Metivier, 2018).
3 It is also crucial for a policy to be relevant in the sense that it is applicable to the organization. This is to mean that the policy should be a reflection of the organization internally and externally. As such, they should be consistent with all the levels and even departments at the organization (Norwich University, 2018).
4 Every successful policy relies on the element of being enforceable. It is has to be a policy that can be implemented in any level of the organization. Where a policy is not enforceable, it goes without saying that, it is not going to have the desired effect on the organization and in some of the cases any effect (Metivier, 2018).
5 The ability to measure the results of the policy and outcomes at every other level makes the difference between a winning policy and one that does not work. It is crucial that the organization is able to assess the level of impact that a policy has on its operations at any given time and level (Norwich University, 2018).
6 Consistency is also a characteristics that sets apart policies that are successful from those that aren’t. Policies serve to guide the decision making process and as such need to be reflective of the same at all levels. Consistence increases the chances of the organization achieving quality results every other time (Metivier, 2018).
7 As earlier mentioned, every other policy should be future proof. This is to mean that, the development of the policy should factor in the development of the organization now and in the future. This is a crucial element and one that build on the aspirations of the company. Ideally, every organization is looking to grow in the future with respect to various aspects, all of which should be captured in the spirit of the policy (Bendiola, 2013).
Security Policy Lifecycle
Policy development is cyclic in nature relative the number of corrections, which have to develop over the course of time. As mentioned earlier, organizations are quite dynamic in nature, whether internally or externally. The cyclic nature of the policy development process is associated with the refinement of the same. The process cycle starts with the risk assessment, where the cyber security professionals assess the stability of the system among other weaknesses. This leads to the establishment of the policy construction process than then leads to policy implementations and finally policy monitoring and maintenance. The cycle then leads back to the risk assessment as the cybersecurity professionals look into other weaknesses in the system to adjust and correct.
2705100220726051244501616710267652512928608096251578610-8286751083310Risk Assessment on the system 0Risk As...