Discussion-13

 
Topic 

Establishing security policies within an organization is a necessary endeavor. However, it is fruitless unless the information is effectively disseminate. How would an organization go about getting this information out to the masses?

Instructions
1) APA format
2) References
3) Body Citations
4) No Plagiarism 
5) 350 words
6) 2 responses (each 150 words)

Reponse(Anoop)

 
The security policy should be an integral facet of the organization’s operations, rather than the sum of its parts. The policy can be defined, written, edited and disseminated and the information should be disseminated. The policy should be written and implemented to ensure continuity of information. It’s essential that an organization have an effective process for establishing the security system. This process needs to be well designed, well developed, well documented, and it also needs to be monitored for accuracy. The information to the masses is the result of this process. The security system needs to be reviewed and updated regularly to maintain integrity and accuracy to its users. An organization must have adequate staffing, including information security and intelligence personnel, to ensure the security of its information. An organization must also have an internal audit and review process. An organization must have a process for assessing the risks that exist in its information and for the implementation of mitigation strategies.
An organization must have processes for establishing secure information networks (e.g., firewall, proxy, and VPN) with adequate bandwidth, processing power, and security capabilities. An organization should also have procedures for securing and maintaining its information. These processes need to be implemented and monitored continuously to ensure the confidentiality and integrity of information. These processes need to be updated regularly. An organization should have procedures for implementing security measures that are necessary and appropriate, and not just reactive. Procedures should ensure the availability and functionality of security-related information, including the integrity of network, application, and user access; access to information; and the availability and functionality of data storage, storage access, application access security, application access, and user access security. An organization must also have procedures for conducting audits, as these processes provide visibility of security systems.
An organization must also have procedures for conducting security incident response. An organization must have procedures for implementing and maintaining information security awareness training. An organization should have procedures for evaluating the efficacy and relevance of any training programs and the appropriateness of any training programs. The organization must have a process for determining and recording all significant events that occur in an organization. An organization must also have the ability to analyze the information for the purpose of developing a list of all significant events that occur or occur in the organization.

Response(Hari)

 
The security policies are the way that the information is disseminated. This can be for many reasons such as a security awareness program (SAP), or a cyber security policy. In any event, what this does is to provide the information out to the masses. This does not make it secure in anyway. If you have a security awareness program, it has no way of getting the information out to the masses. The other way that such policy can be disseminated is through other security measures. For example, if a cyber security policy has information that allows the information to be encrypted, then the information is not easily available without the decryption key which has been provided by the organization.

The organization is also responsible to ensure that the information is encrypted with the highest encryption standards in the industry. This helps to insure the security of all the information and also allows the information to be securely stored. A lot of organizations are now encrypting data with high standards. These standards are in the form of encryption keys that can only be given to those who have the encryption key to access the information. This is because if the organization is breached by a cyber attack, they have not been provided the information yet. This also helps to insure the security of all data stored within their organization.
It is important to note that when an organization is encrypting its data then, it is important to do it in a secure way. The encryption key must always be kept secure for those that can access the organization. When an organization is encrypting its data, this can be done within the organization itself or using cloud storage. In both cases, the information has to be provided only to those with the encryption key for access to the information. This can be done by the organization itself or using cloud storage such as the companies mentioned in the previous paragraph. In both cases the organization is also responsible to ensure that the encryption keys are in a safe location so that the keys are not shared with any party for sharing the key. If the organization does not have the encryption keys to access the information, they will have to send them out to the organization. There are also some methods that can be used to help increase the security of the information being encrypted