Topic: IT or cyber security policy
Cyber Security Policy. “Based on your reading and on additional research on line, what are the major components of an IT or cyber security policy? If you work for a company are you aware of what the policy is for the company? Please describe it and if it corresponds to the reading or your research.
Write a 2 to 3 paragraph synopsis of what you found and your analysis”
What is Cyber Security Policy?
Cybersecurity refers to mechanisms and procedures that are designed and implemented to protect systems, computer programs and networks from attacks carried out in the digital environment (Singer & Friedman, 2014). These attacks are popularly known as cybercrime attacks and are mostly aimed at the unauthorized access of sensitive information resulting to malicious deeds such as manipulation and destruction of the information or extortion of money from the victims of the attacks (Singer & Friedman, 2014). Cybersecurity policies, therefore, provide a concise outline of how organizations design and implement mechanisms and procedures aimed at protecting the organization’s systems, programs, networks and users from cybercrimes (Singer & Friedman, 2014). A review of notable cybercrime incidences shows that these vices have catastrophic impacts on the victims of the attacks.
For instance, leakage of classified military data on military defense operations as a result of a cybercrime attack may result in the exposure of a country’s weak points leaving the country vulnerable to enemy attacks. It is based on this fact that cybersecurity policies become a necessity for any organization, whether government-owned or private institutions. Additionally, the cybersecurity policies need to be stringent and almost ‘air-tight’ to ensure all weak points of attacks are covered. The policy also needs to be updated on a regular basis since the cyber-crime dimension is one that is highly volatile and characterized by rapid changes witnessed on every new day (Singer & Friedman, 2014).
Essentials of Cyber Security Policy.
The major components of a cybersecurity policy are Availability, Confidentiality, and Integrity (Ericsson, 2010). Confidentiality ensures that information, as well as information infrastructure, are concealed to prevent access by unauthorized individuals (Ericsson, 2010). Like in the military example provided above, information needs to be highly protected to prevent it from landing in the hands of the enemy such as terrorist groups. Cybersecurity policies that ensure information remains confidential include measures such as controlled access mechanisms such as cryptography (Ericsson, 2010). Cryptography works by encoding data through scrambling of the data and the only way to unscramble the data is by use of a decoding key (Ericsson, 2010). This thus ensures sensitive information remains confidential. Integrity works to ensure the information and information resources are credible and thus can be relied upon to make sensitive and critical decisions (Ericsson, 2010). In a cybersecurity policy, integrity works to prevent unauthorized change and manipulation of data as well as data access mechanisms (Ericsson, 2010). An example of a cybersecurity policy mechanism that ensures integrity is authentication protocols such as ‘administrator rights’ which ensure only authorized individuals have the privilege to access system controls that enable them to change data or data access mechanisms (Ericsson, 2010). This ensures information remains credible and reliable. Finally, availability works to ensure that users of the systems are able to access information and programs through the system and its network, whenever the need to arises (Ericsson, 2010). In essence, availability works to prevent downtime.
In the context of cybersecurity policies, an individual may deliberately execute actions that lead to denial of service attacks (DOS) which deny users of the attacked system the ability to access information or resources provided through the system. A common way to do this is overloading servers with many request packets (Ericsson, 2010). Cybersecurity policy mechanisms that ensure availability, therefore, may include mechanisms such as firewalls and programs which inspect the HTTP traffic to ensure only legitimate requests are prioritized by the server (Ericsson, 2010). This thus prevents denial of service attacks and ultimately ensures system resources and information are available at all time.
Cyber Security Policy real world application
To test the real world application of the stipulations above, I conducted an elaborate review and analysis of the cybersecurity policy used by the National Bank of New York. The analysis showed that the bank’s policy is developed around three core areas: governance, assessment, and awareness. Governance ensured that the top management prioritizes development of strategic measures and mechanisms that ensure the bank adopts a proactive approach in fighting and preventing cybercrime attacks. Assessment ensured the bank carries out an evaluation of its systems and procedures on a regular basis to ensure new methods of cybercrime are prevented from affecting the bank, right on their tracks. This involves internal and external auditors carrying an extensive analysis of the institution’s cyber threats landscape so as to deal with the threats as soon as they arise. Awareness works to ensure that the bank sensitizes all its stakeholders through awareness programs so as to ensure that they are also able to protect themselves from cybercrime attacks on a personal level. Therefore, the analysis was satisfied that the bank’s cybersecurity policy adheres to the three major components of an IT or cybersecurity policy. The collective proactive approach adopted by the bank worked to ensure that the bank’s systems and personal information were not accessible by unauthorized individuals (confidentiality), the bank’s services remain running at all time by preventing attacks that slow or curtail the banks operations (availability) and ultimately ensure the bank’s operations are based on credible data and systems (integrity).
Cyber Security Policy References
Ericsson, G. N. (2010). Cyber security and power system communication—essential parts of a smart grid infrastructure. IEEE Transactions on Power Delivery, 25(3), 1501-1507.
Singer, P. W., & Friedman, A. (2014). Cybersecurity: What everyone needs to know. Oxford University Press.