Do you have a Cybersecurity Policy or Plan?

A cybersecurity policy sets the standards of behavior for activities such as the encryption of email attachments, use of strong passwords, and restrictions on the use of social media. Cybersecurity policies are important because cyberattacks and data breaches are potentially costly.

As a cybersecurity expert, I would implement a review of the current process being used in your business, then make recommendations to change bad behaviors and set policies to enforce good practices. The policies would be reviewed by employees and management to verify that they can be followed. The NIST risk management framework and associated standards and controls would be used to ensure that the best mitigations for vulnerabilities are being used (National Institute of Standards and Technology, 2015).

The second phase would be to follow up after a period of time to review the process internally and verify that the risk management framework and controls were actually being implemented. A strong verification and validation program would be implemented to ensure compliance with the proper controls for each sub-system. As a return on investment, the process improvement would save the organization money by reducing lost profits due to cyberattacks (Howard, 2015).

References:

Howard, R. (2015, January 12). The Cybersecurity Canon: Winning as a CISO. Retrieved from http://researchcenter.paloaltonetworks.com/2015/01/cybersecurity-canon-winning-ciso/

National Institute of Standards and Technology. (2015). Computer Security Resource Center. Retrieved from Computer Security Division: http://csrc.nist.gov/publications/PubsSPs.html
