Information System Security Policies
Spencer Foulk
Old Dominion University
CYSE 300: Introduction to Cybersecurity
Professor Joe Kovacic
January 227, 2023
Developing a security policy can often be challenging. This is due to the steps that it takes to produce a quality security policy that will last into the future. While it may seem like a low item on a priority chart, it is a major one. This is especially true for health care workers, since health care “has been increasingly targeted by hackers, because patient privacy data is particularly valuable to exploit.” So, what are the steps involved, and how should one tackle the art of developing a security policy?
The first step is to develop an assessment. The assessment comes first because it is the best time to do a sweep of the potential risk factors that may resurface down the road when considering a rework. It is also a perfect time to gather all of your information, systems, and other tools that can be used to scan for vulnerabilities. After the assessment is complete, it is time to move on to the plan.
Developing a plan comes second, after the assessment, as it is the summation of your previous work. During this step, you will use the information that was gathered to develop a plan that will benefit the company. One example of what to expect inside the development plan is the necessary changes that need to occur within the system. These changes could address vulnerability risks that could cause damage down the road. A second example is the person who will be responsible for implementing the development plan, as well as the groups or individuals that will be affected by it. After the development plan is figured out, it is time to move on to the changes.
Making the necessary changes comes third: putting the steps that you developed previously into action. During this step, the person responsible for implementation steps in, following the priority list while also ensuring that everything is done effectively and efficiently. Examples of this work include patching and adding new controls. Patching is used to fix any of the vulnerabilities that were found during the assessment, while adding new controls is used to prevent future vulnerabilities that could be exploited. Once the changes are completed, the next step is to evaluate the setup.
After the necessary changes have been completed, it is best to implement and test the changes in order to gauge whether or not they will be effective. While this step is in effect, it is best to turn off the server or system that is being used to avoid infiltration while the systems are being tested. Testing the systems after implementation is key to ensure that they can be followed and managed by the employees and managers. After the testing has been concluded, it is time to monitor the network.
After you have completed the assessment, planning, changes, and testing, the last step is to monitor the network. All of the steps are in play, and your final objective is to observe and watch for cyber criminals that may attempt to attack the system. It is also a good time to observe the server or system that is being used in order to compare its performance to that under the previous system policy. By doing this, you will have a generally good idea of what to expect or change when considering your next security policy down the road.
Creating a security system policy can often be very challenging. It cannot be an easy decision because it would then allow easy infiltration by cyber criminals and second-hand hackers. Ensuring that a well-developed assessment of the current situation, proper planning and consideration of a plan, reasonable changes, accurate testing, and the monitoring of the network take place will lead you to discover that it is rather simple to a degree.
References
“How to Develop an Effective Information Security Policy,” Powerdms.com, Published (December 23, 2020) – https://www.powerdmspolicy.olicy-learning-center/how-to-develop-an-effective-information-security-policy
“How to Understand, Design, and Implement Network Security Policies,” eccouncil.org, Published ( ) – https://www.eccouncil.org/cybersecurity-exchange/network-security/understand-design-implement-network-security-policies/