Policies need high visibility to be effective

Reference no: EM132410463

Your policies need high visibility to be effective. When implementing policies, you can use various methods to spread the word throughout your organization.

Use management presentations, videos, panel discussions, guest speakers, road shows, summits, question/answer forums, and newsletters. Introduce computer security policies in a manner that ensures that management's support is clear, especially where employees feel overwhelmed with policies, directives, guidelines, and procedures.

Remember that the work of building awareness and gaining acceptance of security policies does not start when the framework is published. Its success will be determined by how it is put together and who is involved. Every organization is different, and differences play out in many ways. Organizations vary as to their industry or field, their regulatory requirements, their culture, and their leadership personalities.

All are necessary considerations as you start to develop a framework. In general, you should state core principles in the form of goals up front. This defines "what" the framework must achieve. These goals are typically non-negotiable security requirements. First get buy-in on the "what," and then get others to work with you on the "how." You can be more flexible on the "how" than on the "what." Gain ownership from key user groups by offering them choices on how to achieve policy goals. Executives and end users know the business and can usually find ways to integrate security processes while minimizing operational impact.

Formulating viable computer security policies is a challenge and requires communication and an understanding of the organizational goals and of the benefits the policies are expected to deliver. Through a carefully structured approach to policy development, you can achieve a coherent set of policies. Without them, there is little hope of a successful information security program.

Case Studies in Policy Framework Development

This section provides three case studies that help you understand how to develop or implement a policy framework. You will look at cases from the private sector, the public sector, and the critical infrastructure protection area.

Private Sector Case Study

In 2008, Nadia Fahim-Koster, director of Piedmont Healthcare IT Security, reassessed the security compliance of the hospital using a well-established approach. The director decided to start with baseline metrics for IT security risk. This would help her determine whether the systems were already in compliance. It would also provide a baseline when assessing systems in the future. If systems were not in compliance, her IT team could adjust security configurations and controls to bring them into compliance. However, the director faced the following challenges:

• A large, diverse network of systems with over 7,000 devices

• An incomplete inventory of IT assets and their configurations

• No easy way to classify assets

• A broad Health Insurance Portability and Accountability Act (HIPAA) standard that left elements of reporting open to interpretation

She assembled an IT team to work on the project. They began with asset discovery to create a complete and up-to-date inventory of systems. Next, they looked at system configurations to determine if they complied with regulations and existing hospital policies.

The director decided to measure Piedmont Healthcare's IT security controls using NIST SP 800-53. The team established a framework for classifying and measuring security controls across the Piedmont Healthcare network.

"Selecting the NIST framework as our measurement framework meant that we had to classify all of our IT assets the same way," explained Fahim-Koster. "Once this was completed, we could begin to capture the existing security controls and perform a gap analysis to see where we needed to make improvements."

Using the NIST framework, Piedmont classified its servers as high, medium, or low impact based on the type of information they contained. When IT personnel determined the gaps in compliance controls, they could prioritize which servers to address first and prioritize which controls to use.
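The classify-then-gap-then-prioritize sequence in the case study can be expressed as a small script. The following is an added example, not code from Piedmont Healthcare or from the text: the data-type impact ratings, the per-level control sets and the four-server inventory are constructed for illustration (control IDs follow SP 800-53 naming, but the sets are not the published baselines, which are far larger), and NIST's middle level is called "moderate" rather than the "medium" used above. Each asset inherits the highest impact of any information it holds (the FIPS 199 high-water mark), the missing controls are the baseline for that level minus what is already implemented, and servers are ranked by impact weight times the number of gaps so the high-impact, least-covered systems come first.

```python
"""Impact-based control gap analysis (added example; data is constructed)."""
from dataclasses import dataclass, field

IMPACT_ORDER = ["low", "moderate", "high"]
IMPACT_WEIGHT = {"low": 1, "moderate": 2, "high": 3}

# Hypothetical impact rating per data type (constructed for this example).
DATA_TYPE_IMPACT = {
    "public-web": "low",
    "internal-docs": "moderate",
    "payroll": "moderate",
    "ephi": "high",  # electronic protected health information
}

# Hypothetical control baselines keyed by impact level. IDs follow SP 800-53
# naming, but these sets are illustrative, not the published baselines.
BASELINES = {
    "low": {"AC-2", "AU-2", "CM-8", "IA-2"},
    "moderate": {"AC-2", "AU-2", "CM-8", "IA-2", "AC-6", "SC-8", "SI-4"},
    "high": {"AC-2", "AU-2", "CM-8", "IA-2", "AC-6", "SC-8", "SI-4", "AU-9", "SC-28"},
}


@dataclass
class Asset:
    name: str
    data_types: list
    implemented: set = field(default_factory=set)


def classify_impact(data_types):
    """High-water mark: the asset inherits the highest impact of any data it holds.

    An asset holding a data type nobody has rated is a classification gap in
    its own right, so it is reported as an error rather than silently rated low.
    """
    if not data_types:
        return "low"
    levels = []
    for dt in data_types:
        if dt not in DATA_TYPE_IMPACT:
            raise ValueError(f"unclassified data type: {dt}")
        levels.append(DATA_TYPE_IMPACT[dt])
    return max(levels, key=IMPACT_ORDER.index)


def control_gaps(asset):
    """Return (impact level, sorted list of baseline controls not yet implemented)."""
    impact = classify_impact(asset.data_types)
    return impact, sorted(BASELINES[impact] - asset.implemented)


def prioritize(assets):
    """Rank assets by impact weight times number of missing controls, highest first.

    Ties are broken by impact level, then by name, so that a moderate server
    with two gaps is addressed before a low server with two gaps.
    """
    rows = []
    for asset in assets:
        impact, missing = control_gaps(asset)
        rows.append({
            "asset": asset.name,
            "impact": impact,
            "missing": missing,
            "score": IMPACT_WEIGHT[impact] * len(missing),
        })
    return sorted(rows, key=lambda r: (-r["score"], -IMPACT_WEIGHT[r["impact"]], r["asset"]))


# Constructed inventory standing in for the output of asset discovery.
SAMPLE_ASSETS = [
    Asset("ehr-db-01", ["ephi"], {"AC-2", "AU-2", "CM-8", "IA-2", "AC-6"}),
    Asset("intranet-01", ["internal-docs"], {"AC-2", "AU-2", "CM-8", "IA-2", "AC-6", "SC-8"}),
    Asset("www-01", ["public-web"], {"AC-2", "AU-2"}),
    Asset("hr-01", ["payroll", "internal-docs"], set()),
]

if __name__ == "__main__":
    for row in prioritize(SAMPLE_ASSETS):
        gaps = ", ".join(row["missing"]) or "-"
        print(f"{row['asset']:12} {row['impact']:8} score={row['score']:2}  missing={gaps}")
```

With the constructed inventory the ranking comes out hr-01 (moderate, nothing implemented), ehr-db-01 (high, four gaps), intranet-01, www-01. In practice the implemented-control sets would come from the configuration review step rather than being typed in, and the score formula is a starting point to be tuned with the control owners rather than a fixed rule.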

Based on the above case study or the case study on page 168 of your text, write a 3- to 6-page paper that includes the following:

Assign roles and responsibilities for employees at varying levels of the corporate hierarchy who are responsible for security policies.
Analyze risk assessment and risk mitigation strategies and policy needs based on best practices.
Summarize your findings.
