Running Head: CYBER SECURITY PLANNING
CYBER SECURITY PLANNING
1. It is true that cybersecurity is a critical concern for the United States and the entire globe. Last year alone, according to an investigative report on data breaches by Verizon, the company experienced more than 54,000 cyber-security incidents and 2,300 established data breaches (Eric, 2018). It is therefore essential for every organization or business, no matter how small or how big, to find a proper way of developing a good security policy. In line with this, the following are five questions I would ask a company pertaining to its security policy.
• Have you conducted a rigorous and comprehensive audit of the policies and assets of cybersecurity around the company?
This is an important question in creating a successful security policy because it is not advisable for a company to set up a security policy blindly. It is important to know the assets that the company already has in its security network. These include all the software programs and the hardware, including servers, among others. After assessing the assets, the company should also assess its policies, including how employee user accounts are being used and its login and password policies. This will help determine what security policy to put in place.
• Have you defined the maturity target of your cyber-security?
This question helps in knowing the amount of resources that the company has and the type of maturity target the available resources could afford. Maturity targets could be low, moderate, or high. High maturity targets are always expensive, and not all companies have the resources to achieve them. Therefore, it is important to define the maturity target of the cyber-security before setting up a policy for it.
• Have you built an IT security team?
Before setting up any policy, the first thing to do is to establish an IT security team. This is the team that will oversee the implementation of all the policies. No company can set up a cyber-security policy without an IT security team to oversee its implementation (Wendy, 2019). The team is also responsible for defining the maturity target as well as performing a comprehensive audit of the already available policies and assets concerning cyber-security. This question is therefore very important.
• Does your company have the legal compliance needed to implement the cyber-security plan or policy?
This question is important since it keeps the company on its toes in ensuring that it is working within the law when it implements the necessary cyber-security policy. For instance, it will be required to protect the technology and data by implementing written procedures and policies in accordance with the HIPAA Security Rule.
• How do you treat your security plan? Is it a ‘one and done’ plan or a ‘living document’?
It is always advised that the com...