Julian Pablo<\/p>\n\n\n\n
CYSE 300<\/p>\n\n\n\n
Professor Joe Jovacic<\/p>\n\n\n\n
Short Research Paper #2<\/p>\n\n\n\n
Due: 9\/14\/25<\/p>\n\n\n\n
Issues to Address in Security Policy<\/strong><\/p>\n\n\n\n A security policy is one of the foundations to ensure a groups assets are protected. It is vital for the policy to address the following issues that can endanger the sensitive data.<\/p>\n\n\n\n The weakest link to vital information will always be us. Having proper security awareness training addressed in the policy is a must\u2014the training gives insight to employees the importance of the security policy and social engineering tactics. Hackers are getting smarter with how they can manipulate employees to give up info, so it\u2019s important for the training to be regularly updated to keep up with the latest changes.<\/p>\n\n\n\n Having an acceptable use policy (AUP) should also be implemented in any organization\u2019s security policy. AUP lays out what a company\u2019s computers and other systems can be used for. It makes sure systems are only used for work related tasks and no other possible malicious activity. If an employee is able to open any website or even download certain applications, possibilities of viruses or even intentional sabotage malware can easily happen.<\/p>\n\n\n\n Even the smallest change to a system without approval can cause serious problems. Because of the possibility, a security policy should have a change management policy. A change management policy makes any change documented with a certain set of steps taken to ensure the system doesn\u2019t get harmed in the process. Changes should always be planned in advanced, approved and reviewed, and then finally installed with constant monitoring.<\/p>\n\n\n\n Risks within any organization and system can never be set to zero. Having proper risk assessment standards help identify risks as soon as possible. The standards should take into account the companies risk tolerance to focus on the biggest risks. Identifying as many risks as possible allows for the company to properly plan to mitigate these risks before they cause an issue in the future. There will always be new risk that will pop up in time, so conducting these assessments should be done frequently.<\/p>\n\n\n\n In the event an organization has been exploited, employees must be able to respond as quickly as possible. An incident response plan outlines the exact procedures that should be done when a security incident happens, and if the plan is followed properly, it would minimize the damage caused. Employees should be able to identify the incident as quick as possible and take action at minimum contain the issue. Once the issue is contained and ideally eradicated, then immediate action to try and recover should be taken. An attack can never be anticipated; the ability to identify and respond quickly is what\u2019s important.<\/p>\n\n\n\n References<\/p>\n\n\n\n Thurmond, T. (2024, February 6). 15 information security policies every business should have. KirkpatrickPrice. https:\/\/kirkpatrickprice.com\/blog\/15-must-have-information-security-policies\/<\/a><\/p>\n\n\n\n Top 10 security policies every company should have. Adsero Security. (2025, February 12). https:\/\/www.adserosecurity.com\/security-learning-center\/ten-it-security-policies-every-organization-should-have\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Julian Pablo CYSE 300 Professor Joe Jovacic Short Research Paper #2 Due: 9\/14\/25 Issues to Address in Security Policy A security policy is one of the foundations to ensure a groups assets are protected. It is vital for the policy to address the following issues that can endanger the sensitive data. The weakest… <\/p>\n