Organizations which rely on network infrastructure for their business operation must utilize security technology to protect the network from harmful actions of automated attacks as well as malicious human activity. It is also important to enact policies and guidelines for the employees of the organization, which in many regards can be the weakest link in the chain of security. According to a survey by The Ponemon Institute (2012), “78 percent of respondents said their organizations have experienced a data breach as a result of negligent or malicious employees or other insiders” (p.1). A statistic like this points to the need for comprehensive policies that detail the company’s expectations and mandates for specific situations relating to cybersecurity. Policy Considerations
In order for a cybersecurity policy to be successful, it should cover every conceivable situation (Easttom, p.201, 2012). Security events that are not associated with a policy are likely to not be handled as efficiently as an event that does have a policy. Policies reduce or eliminate uncertainty over the expected way a security event is to be dealt with. A successful cybersecurity policy will restrict actions enough to facilitate a secure network while avoiding mandates which restrict behavior so tightly that employees will become resentful or find ways to circumvent the policies. When considering specific policies, it is important to not create policies that are unclear or open to interpretation. Instead, each policy should be as specific as possible, leaving little room for interpretation or misunderstanding.
Cybersecurity policies can be in the form of advisory or compulsory. Policies that are advisory are suggested, but not enforced. An advisory polic...
... middle of paper ...
..., the company’s security policies will undergo a review by management and the IT staff on a biannual schedule. By a process of periodic review, the company’s cybersecurity policies will remain relevant and effective, even as circumstances change over time.
Cisco. (2005). Network Security Policy: Best Practices White Paper. Retrieved January 19, 2014 from http://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper
Easttom, C. (2012). Computer security fundamentals. Indianapolis. Pearson.
Microsoft. (2012). Strong Passwords. Retrieved January 19, 2014 from http://technet.microsoft.com/en-us/library/ms161962.aspx
Ponemon Institute. (2012). The Human Factor in Data Protection. Retrieved January 19, 2014 from http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt_trend-micro_ponemon-survey-2012.pdf