Policies need high visibility to be effective

Assignment Help Basic Computer Science
Reference no: EM132410463

Your policies need high visibility to be effective. When implementing policies, you can use various methods to spread the word throughout your organization.

Use management presentations, videos, panel discussions, guest speakers, road shows, summits, question/answer forums, and newsletters. Introduce computer security policies in a manner that ensures that management's support is clear, especially where employees feel overwhelmed with policies, directives, guidelines, and procedures.

Remember that the work of building awareness and gaining acceptance of security policies does not start when the framework is published. Its success will be determined by how it is put together and who is involved. Every organization is different, and differences play out in many ways. Organizations vary as to their industry or field, their regulatory requirements, their culture, and their leadership personalities.

All are necessary considerations as you start to develop a framework. In general, you should state core principles in the form of goals upfront. This defines "what" the framework must achieve. These goals are typically nonnegotiable security requirements. First get buy-in on the "what," and then get others to work together with you on the "how." You can be more flexible on the "how" than on the "what." Gain ownership from key user groups by offering them choices on how to achieve policy goals. Executives and end users know the business and can usually find ways to integrate security processes while minimizing operational impact.

Formulating viable computer security policies is a challenge and requires communication and understanding of the organizational goals and the potential benefits that will be derived from the policies. Through a carefully structured approach to policy development, you can achieve a coherent set of policies. Without these, there is little hope for a successful information security program.

Case Studies in Policy Framework Development

This section provides three case studies that help you understand how to develop or implement a policy framework. You will look at cases from the private sector, the public sector, and the critical infrastructure protection area.

Private Sector Case Study

In 2008, Nadia Fahim-Koster, director of IT Security at Piedmont Healthcare, reassessed the security compliance of the hospital using a well-established approach. The director decided to start with baseline metrics for IT security risk. This would help her determine whether the systems were already in compliance. It would also provide a baseline for assessing systems in the future. If systems were not in compliance, her IT team could adjust security configurations and controls to bring them into compliance. However, the director faced the following challenges:

• A large, diverse network of systems with over 7,000 devices

• An incomplete inventory of IT assets and their configurations

• No easy way to classify assets

• A broad Health Insurance Portability and Accountability Act (HIPAA) standard that left elements of reporting open to interpretation

She assembled an IT team to work on the project. They began with asset discovery to create a complete and up-to-date inventory of systems. Next, they looked at system configurations to determine if they complied with regulations and existing hospital policies.

The director decided to measure Piedmont Healthcare's IT security controls using NIST SP 800-53. The team established a framework for classifying and measuring security controls across the Piedmont Healthcare network.

"Selecting the NIST framework as our measurement framework meant that we had to classify all of our IT assets the same way," explained Fahim-Koster. "Once this was completed, we could begin to capture the existing security controls and perform a gap analysis to see where we needed to make improvements."

Using the NIST framework, Piedmont classified its servers as high, medium, or low impact based on the type of information they contained. Once IT personnel had determined the gaps in compliance controls, they could prioritize which servers to address first and which controls to apply.

Based on the above case study or the case study on page 168 of your text, write a 3-6 page paper that includes the following:

• Assign roles and responsibilities for employees at varying levels in the corporate hierarchy who are responsible for security policies.

• Analyze risk assessment and risk mitigation strategies and policy needs based on best practices.

• Summarize your findings.

