CIS 462 Final Exam

Strayer CIS 462 Security Strategy and Policy, CIS 462 Final Exam, Security Policies and Implementation Issues
Discussion 1

Examine the implementation issues for IT security policy development. Determine which of these issues are the most challenging for organizations to overcome and explain why.

Organizational challenges in implementing IT security policy development include accountability, where management plays a key role; they often consider it an IT function, but it is important for managers to support security policies and to convey a positive attitude about them to all members of an organization. Another one is a lack of budget: the needed resources and/or funding may not be available; again, the support of management for funding and resources is needed. Lack of priority: each department has certain priorities, and security policy implementation should not disrupt other business functions. Tight schedules could be due to regulatory compliance and specific time constraints; being on a time schedule could interfere with the proper training of employees in a timely manner.

To me, the most challenging would be accountability. If management is not on board and doesn’t display a positive attitude about adhering to security policies and doesn’t do it themselves, employees will not see the importance of being accountable for their actions when using the organization’s computer systems.

Propose at least three control measures that organizations can implement to mitigate the potential issues associated with policy development and implementation.

Training and awareness of security policies is the most important. Employees need to know the processes and procedures that must be taken and also why they are important. There should be regular meetings, real-life scenarios presented, and the negative impacts of not adhering to security policies should be made known.

Another is making sure that employees know, understand, and sign an Acceptable Use Policy, and also know the consequences of not following the policy.

Posting policies on the intranet makes them easy to get to; they can be kept current, any changes are shown right away and can be highlighted, they can be made searchable for a specific item, and it will not be costly to the organization.

Discussion 2

Develop a list of the key elements that need to be included in a security awareness program. Analyze how security awareness programs differ from security training programs.

Security awareness programs provide training about security policies, threats, and handling of digital assets. The security awareness program is designed to take care of the human issues. The one element that stuck out to me the most is creativity. All security awareness programs should be creative and engaging. We all know that humans have selective hearing and are always trying to find ways around rules, so having an awareness program that keeps their attention is key. Security awareness programs also need leadership sponsorship and a team that manages the awareness campaign efforts.

Unlike security training programs, security awareness programs are for everyone. Everyone within an organization needs to have knowledge of the security policies and how they affect them. Security training programs are for the people that work directly with the security. These programs teach personnel how to enforce or perform security-related policies or activities. Security awareness programs do not have to be classroom environment activities. They could use any avenue to make sure that employees and customers become aware and remain aware.

Examine at least four common hindrances to organizations developing effective security awareness programs and security training programs. Propose solutions to these hindrances.

One hindrance could be the lack of management support. The best solution for this hindrance is highlighting the fact that security awareness training is required and that it will yield a return on investment and save the organization a great deal of money in the future.

Another hindrance is that employees are not able to obtain an experience that they can remember or learn from. This goes hand in hand with creativity. Having a dull awareness program will not yield the best results.

Another hindrance to effective security awareness programs is money. The organization has to be willing to put money into the awareness program if it wants to see results. The solution to this is to get management on board early and make realistic budgetary requests with detailed explanations.

Lastly, a hindrance may be that employees may not take the program seriously. The solution to this hindrance is holding employees accountable for participation and compliance.

