Cybersecurity Operations and Administration

A policy can be described as a statement that describes the acceptable behaviour, goals, and ethics of a particular organization or enterprise. Policies are used to guide organization members to ensure the organization is moving in one direction towards achieving its objectives. Cyber security and security generally cannot be controlled by one person or department but rather depend on the entire organization’s behaviour. Security policies cannot solve these problems, but if properly written and followed by the organization’s members, they can drastically reduce attack risk (Sehgal, Bhatt & Acken, 2020).

Considerations for Security Policy

The organization’s goals and requirements are the first consideration for creating a security policy. A security policy serves the organization and ensures it reaches its objectives and goals. A security policy that increases security but leads the organization in the opposite direction from its objectives is invalid. Another key consideration when creating policy is a deep understanding of the organization’s or enterprise’s risks. Security policies are guidelines supposed to direct the organization towards risk avoidance. The fewer risks an organization faces, the fewer chances of suffering from a security attack. As a result, security policies should be written after a critical risk assessment has been performed. The management should then consider the identified risks and how the risks can be mitigated and then build policies around these risk management factors.

Another consideration when creating a security policy is the opinions and suggestions from all departments in the organization. Cyber security experts and the IT department might have the upper hand in understanding data security measures and policies. Still, other organization members offer a unique view of security, which might be the missing link to a perfect security policy. The hardware and software tools used are another consideration while creating a security policy. Different hardware devices have different vulnerabilities, which should be considered when making a policy. An action regarded as safe while using one device might be a high security risk on another device. Older devices are also known to have more security vulnerabilities than newer models. The software and operating systems in use by the organization should be considered while coming up with security policies. For instance, it is well known that some operating systems are more vulnerable to attacks, and exposing them to the internet is a high security risk. Thus, it is essential to consider both hardware and software when creating a security policy (Tagarev & Polimirova, 2019).

The intended audience of the policy document is another factor that needs to be considered when creating policy. The type of language is relevant depending on the target audience. Technical staff, such as cybersecurity experts, might understand jargon related to the field, but the same jargon might be incomprehensible to an audience lacking a cybersecurity background. Apart from vocabulary, the understanding of concepts between different departments and expertise is diverse, and these factors must be considered while making security policies. It is recommended to use clear, simple English that all organization members will understand to avoid confusion or misunderstanding. The individuals required to adhere to the policy are also to be considered. Guidelines should evaluate the capacity of the targeted individuals to carry out the procedure.

Another factor to consider when considering security policies is the social, political, and economic context. The social context or how society will interpret a particular procedure is a factor to be considered since any organization is a community member and must be accountable to the community. Some policies might improve an organization’s security but are viewed against societal norms; such policies should be analyzed critically. If making them societally acceptable is possible, then that is the path to be followed. The political atmosphere of the region where the organization is located is another factor to consider while preparing policies. Some policies might be viewed as going against the current political sentiments in the area; such policies can cause friction with the political system and its supporters. It is up to the organization to decide if its security advancementsical tension.

On the other hand, some policies can be seen as supporting the political system, are welcomed, and will even receive support. The organization’s economic situation and the economic sense of enforcing a particular policy are significant factors to consider. Implementing a specific security policy might be more expensive than dealing with the risks that the policy will assist in managing. It is more economical to leave the procedure alone and risk the attack in such a situation.

Legal frameworks are another consideration when coming up with a new security policy. Some security policies can be based on laws that govern the country, which is an added advantage since the guidelines will have the backing of the law. Other approaches might be seen as going against the law and, as a result, should be avoided at all costs. Policymakers need to consider the stand of the law considering a particular policy before they implement it. Some guidelines can be made to address that specific issue in the aftermath of a special event, such as a natural disaster or cyber-attack. These policies are essential since they are created from experience and access pertinent issues to the organization. Security policies should also consider third parties, such as donors and investors, who might have a particular problem they would like addressed or thought about, affecting their participation in the organization’s welfare. Security policies are essential to any organization since they can guide the organization towards a secure future.

Risk Assessment and Analysis Policies

Risk assessment and analysis policies are acceptable behaviour, goals, and ethics governing risk assessments and analyses. Risk assessment is a systematic process of deep research of company operations and resources to find the possible threats an organization faces or can face in the future. Risk assessment is vital to any organization as it assists in making the organization more secure by identifying possible threats, which are then managed or resolved. Hazards can present in the form of operational and procedural weaknesses and are mitigated through countermeasures meant to prevent the occurrence of a disruptive event. Risk assessment and analysis policy is essential since it ensures that risk assessment meets the required standard and does not violate the organization’s spirit, objectives, and guidelines. An organization that does not have a risk assessment and analysis policy does not have any guidelines on how they should be conducted and, as a result, cannot differentiate a high-quality assessment and analysis from a low-quality assessment. In such an organization, members can brainstorm risks they think the organization might face without conducting practical, on-the-ground assessments; this kind of risk assessment will only provide some dangers and might not capture the company’s real dangers and threats. Such assessments weaken an organization’s security in the long run (Landoll, 2021).

One risk assessment and analysis policy that would drastically improve the performance of an organization is that a multidisciplinary committee must conduct all risk assessments and analyses instead of being undertaken by a single individual or department. This policy will ensure that the risk assessment and analysis cover multiple areas of the organization and incorporate expertise from various departments. Another advantage of conducting risk assessment by individuals from numerous disciplines is that the number of errors is reduced due to the number of people the report goes through before reaching its final form. If one individual makes an error, another individual from their discipline will likely pick up on it. If not, an individual from another department will. Ensuring multidisciplinary committees also allows for different perspectives on the assessment and analysis, making it broader in scope (Estrada, 2011).

Another risk assessment and analysis policy that would improve an organization’s performance is that all risk assessment and analysis must be approved by management or the board of governance. This policy will enhance accountability, inclusivity, and management. Including management and other leadership in risk assessment and analysis benefits the organization since the leadership can allocate the required resources towards the endeavour, making it more effective. Another advantage of including management in risk assessment and analysis endeavours is that the administration can direct the assessment and analysis teams on which areas of the enterprise to concentrate on; these are the high-priority areas that contribute large portions to the organization and are at the organization’s core. By focusing on high-priority areas, the organization will benefit more from the assessment and analysis than from performing a general assessment without any specified targets.

Acceptable Use Policy

The acceptable use policy is a document that must be signed to allow an individual to gain access to an organization’s network or another private resource. This document is vital since it stipulates what is acceptable and what is not while using the company’s network. One of the factors that a fair use policy should cover is ensuring that users do not perform any illegal or unethical activities while connected to the organization’s network or misuse the network. Forbidden actions on an organization’s network might spoil its organization, leading to its management being arrested. On the other hand, misuse of the organization’s overload leads to slow response time for other users on the web. An acceptable use policy should also cover the actions the company finds unethical or those that go against its objectives and goals. This is important since such activities within the organization seem hypocritical, making its shareholders lose faith in the organization’s organization use policy should also cover actions that breach the organization’s organization since users might expose the organization to organization, whether intentionally or otherwise, in the event of a cybersecurity attack on the organization. Organization policy documents should also ensure that users on the network do not use it for commercial purposes. This is important since some individuals might misuse the web to benefit the organization or organization; an acceptable use policy should strictly forbid network users from using private or privileged information to help their competitors. This is important since some users might use their access to an organization too organizationally at its expense or even use private information to blackmail or discredit the organization.

Data Classification Policy

Data classification policy can be defined as the rules and guidelines that govern how data is collected and classified. The policies also explain which information is private and requires authentication and which information can be made public. Data classification policy is also used to guide how data will be managed to ensure it is available when needed for all authorized user-authorized networks (Briesemeister, 2019). Data classification policy should contain information on the levels of access allowed for their data. Some information can be made public, and others should only be accessed by members of the organization so the organization’s top management. These classifications of user authorization aaa authorization ensure all members of the organization are critical to their work while also providing data security and privacy. Data classification policy should contain information on which data management methods will be used and the data formats that will be used by the organization. The organization since different data formats might cause errors and confusion within some departments; for instance, if users have installed Excel on their devices and use CSV format to manipulate and store data, suddenly changing to another data format might affect the organization or the organization may be in the form of retraining employees on how to interact with the new data format, which might be met with resistance. Data management policy should contain guidelines on how data should be backed up, the kind of information that will be backed up, and the kind of backup to be used. Data backups are essential to maintaining business continuity and recovery in an attack or loss due to physical damage to equipment. Cloud-based data backups are recommended for sensitive information since they can be accessed from any location with the proper authentication (Shaikh & Sasikumar, 2015).

User to Buy into Security Policy

Users of a policy are ultimately the main determinants of whether the policy will succeed. It is thus essential for management to find ways of making users buy into the procedures to implement them wholeheartedly. One of the ways to get policy users to buy into the policies is by encouraging participation in the policymaking process. If policy users feel included in the policy creation process, they are more likely to follow the guidelines without feeling oppressed (Isom & Balasuriya, 2021). Policies must also be written in simple and easily understandable language to avoid misunderstandings. For procedures to be followed, the organization must ensure that the guidelines are easily accessible to all organizations, and they must follow the procedure if they are unaware of its existence. Another method of getting users to buy into an organizational organization is the members of the organization’s disadvantages that accrue with implementing the policies and the risks or dangers that the organization faces do not follow the guidelines. Once members understand that these risks will affect them and the organization, the organization will implement its policies; organizations are strict followers of an organization. The members are seen as the most disciplined in following the company’s guides and guidelines. Most individuals are motivated by rewards and will be enticed to follow the organization’s aporganization’srah the bonus. On the other hand, some individuals are more motivated by avoiding punishment; in this case, the organization caororganizationcurghese users by enforcing penalties for users who do not follow the organization’s ororganization’spunishments do not need to be too strict, which might cause some members to feel disgruntled.

References

Briesemeister, L., Gustafson, W., Denker, G., Martin, A., Martiny, K., Moore, R., … & St John, M. (2019, July). Policy creation for enterprise-level data sharing. In International Conference on Human-Computer Interaction (pp. 249-265). Springer, Cham.

Estrada, M. A. R. (2011). Policy modelling: Definition, classification and evaluation. Journal of Policy Modeling, 33(4), 523-536.

Isom, J., & Balasuriya, L. (2021). Nothing About Us Without Us in Policy Creation and Implementation. Psychiatric Services, 72(2), 121-121.

Landoll, D. (2021). The security risk assessment handbook: A complete guide for performing security risk assessments. CRC Press.

Sehgal, N. K., Bhatt, P. C. P., & Acken, J. M. (2020). Additional security considerations for the cloud. In Cloud computing with security (pp. 193-215). Springer, Cham.

Shaikh, R., & Sasikumar, M. (2015). Data Classification for achieving security in cloud computing. Procedia Computer Science, 45, 493-498.

Tagarev, T., & Polimirova, D. (2019, June). Primary considerations in elaborating organizational or organizational policies. In Proceedings of the 20th International Conference on Computer Systems and Technologies (pp. 68-73).

Question

Cybersecurity Operations and Administration

Part 1:
Using the Internet and the Library, research and complete the following:
1) In a minimum of 900 words, what are the significant considerations of organizational or organizational?
2) In a minimum of 500 words, create two possible risk assessment and analysis policies.
Part 2:
1) In a minimum of 300 words, what should the acceptable use policy cover and why?
2) In a minimum of 300 words, what types of information should be covered in a commercial organization’s or organization’s policy and why?
3) In a minimum of 300 words, what practical ways to get user buy-in of security policies?