I need two responses of at least 150 words each for the student discussions below for this week. Also, in bold below are the questions the students are answering.
In week 2 you created an Enterprise Security Policy.
1. How will you implement and enforce your plan?
2. Describe at least 4 steps you will use.
The first step to implementing a security policy is to ensure that the upper management buy off on the plan. To do this, the policy must be effectively pitched to the upper management. A good way to sell upper management on the security policy is to show them how the policy will make their company more productive and therefore, save money or make more money. Ideally a good policy will help a company do both.
After having upper management buy off on the security policy, the next step is to let everyone in the company know that there are going to be changes. The best way to introduce a new security policy is to hold training in an open forum, so that the employees can interact and ask any questions about any issues or misunderstandings they may have. Instead of just handing the employees a copy of the new policy and leaving it for them to mull over and try to figure out, they will be able to get the “what the policy means for them.” During the training session, any issue will be clarified. This is also a good way to find out if there may be issues with the policy before it is actually put into place. After training, the employees will be given the date that the new policy takes effect. It could be that day or a few weeks later; it would depend on how many training sessions take place and how much leeway the company wants to give for getting used to the policy.
To enforce the security policy, employees will be instructed in what will happen for various infractions. Minor infractions will incur a first time warning. Many companies tend to use a three strike policy, unless a major infraction occurs. A major infraction would typically be something that any person should know is absolutely wrong to do and immediately affects the company in a negative manner. A minor infraction may be something like using a computer to look at a social media site. A major infraction might be a user downloading files without knowing the source.
Another way to enforce the policy is with controls. To ensure compliance with the new policy, controls will be put into place. An example of a control that would be used is to ensure that passwords have to meet the minimum requirements.
In week 2 you created an Enterprise Security Policy.
1. How will you implement and enforce your plan?
In order to effectively enforce the security plan, the focus would be on overall awareness, training, and responsibility to the user(s). Just having a plan in place simply isn’t enough, there is a key piece to the puzzle in order for the plan to hold any value and be carried out…people. The entire staff must be made aware of and trained properly to mitigate potential threats or policy/plan violations (InfoSec, 2017). If such a thing occurs, the result(s) could be a huge [negative] impact, mishandled information, sensitive data loss etc.
2. Describe at least 4 steps you will use.
To accomplish the enforcement of the plan, not only is training awareness important there are other ways to achieve a successful plan. The first step I would incorporate ties in with awareness training, making sure through seminars and distributing information and documenting employee compliance for record. This way each staff member could be held accountable. This training would also be a reoccurring process over time to ensure repetition and freshness. Another step more towards enforcement would be regular monitoring and quality checks to ensure policy and protocol are being followed.
The last two steps are something I am quite familiar with from my military experience. The first being, ensuring to explain the ‘Why?’ in the process. In doing so, you allow further welcome employee buy-in to the security plan, in turn making it easier for them to follow through with the protocol. Finally, walking hand in hand with the buy-in from the staff, training and awareness, and accountability, another key tip is to encourage feedback (Walshe, 2017). By encouraging feedback from the staff, it further solidifies the buy-in which in turn can lead to open discussions and innovation to the policy itself.
Constitution Day Founding Father fact: Daniel Carroll; Maryland- his family had many historically colonial member lineage, including a cousin named ‘Charles Carroll’ who holds a distinction as being one of five men to sign both the Declaration of Independence and the U.S. Constitution. Their family motto is “Strong in Faith and War”. Lastly, something I found interesting: Daniel Carroll was one founding father who motioned that “by the people” should replace the words “by the legislature” in the Constitution we know today.
InfoSec (2017). Best Practices for Implementing an IT/Cybersecurity Policy. InfoSec Institute Online. Retrieved from: https://resources.infosecinstitute.com/best-practices-implementing-itcybersecurity-policy/
Walshe, K. (2017). Tips to help enforce your corporate security policy. Trilogy Technologies Online. Retrieved from: https://trilogytechnologies.com/corporate-security-policy/