Can someone help by writing replies to each of the answers below? Write your own thoughts at least 100 words each.
1.)What is the difference between a policy and a guideline or guidance document? Give an example.
I believe one of the key differences between policies in guidelines is the type of direction each one gives. For example, a policy is a statement would contain that something must be done. For example, information that is classified as For Official Use Only (FOUO) under policy should not be shared outside the organization unless there is a need to know or has been approved for public release. A guideline for example would be that employees should know the classification of all data that is owned, generated, or used by their organization. Policies are meant to be high level standards for an organization. They’re meant to be somewhat broad and have a wide interpretation. Another example to help differentiate between the two would be an organizations stance on computer security. A policy would be all employee assigned machines require an up to date virus scanning application, whereas a guideline would be every Friday a full scan should be kicked off. In regards to enforcement think of a policy as an absolute, where guidance is more of a best practice that should be followed. A policy outlines a specific set of requirements that must be met, and the guidelines are strongly recommended but do not hold the same level of enforcement as the policy.
Sans.org,. SANS - Information Security Resources | Information Security Policy Templates |. Retrieved 15 January 2016, from https://www.sans.org/security-resources/policies/
Wood, C. (2005). Information security policies: Distinct from guidelines and standards. SearchSecurity. Retrieved 15 January 2016, from http://searchsecurity.techtarget.com/feature/Information-security-policies-Distinct-from-guidelines-and-standards
2.) Guidelines are documents that seek to simplify a set of processes with regard to an established habit or practice.(Difference between, 2016). Guidelines are merely that, a guide that people should follow, but are not mandatory whereas a policy is expected to be followed since it is either a law or an expectation that is required within an organization. This means that a policy is defined as intentional map of actions that serves to guide an organization or group in decision making or in attaining positive results and since they are mandatory, policies are more synonymous to protocols, rules and are similar to the executive orders or decrees mandated by the head of the state. (Difference between, 2016).
An example of a guideline is a situation where an organization says all employees must complete their time sheet within a pay period. A policy would be one that states that covers well-regarded areas such as sexual harassment. These are things that protect the organization by law.
"Difference Between Guideline and Policy." Difference Between. Difference Between, 27 Dec. 2009. Web. 12 Jan. 2016.
3.)Innovation plays a critical role in Cybersecurity and all aspects of the Information Technology industry. New fresh ideas fuel solutions that make us more efficient and tackle areas that may not have been covered previously. Innovation is typically the result of concepts that improve on a situation that has been identified by a group or individual. It is a new idea. (Merriam-Webster, 2016) Secretary Ashton Carter has released his plan to have government partner with the corporations in Silicon Valley to help drive new innovations that will help protect the national infrastructure and both public and private data. (Duff-Brown, 2015) He goes on to mention how criminals use technology to commit their crimes which in some form is the use of innovation. The steal government data as well as private industry data to include consumer personal data. We must develop new methods of protecting our critical infrastructure from possible terrorist as well as the data from would be hackers. (Duff-Brown, 2015)
Not only does innovation drive more efficiency and better security for our infrastructure but it also drives industry jobs and international competitiveness. As a nation we rely on bright new ideas to generate goods and services that help us remain ahead of other countries. When we are first to market we generate revenue and taxes that help the economy. Innovation is good for the country in a number of capacities and these are just a few.
Often we find that educational institutions are huge contributors of new fresh ideas and innovation. Schools like MIT, Stanford, Berkeley and Carnegie Mellon have made countless contributions to American innovation. (Mitra, 2009) There have been many contributions from private companies and even individuals sometimes backed by government funds.
It is with innovation that organizations can begin to evaluate and manage risk. Risks to cybersecurity can become insurmountable without some way of dividing and conquering at least some of them. Where one person sees the impossible another sees opportunity. As we act on our concepts and ideas we develop ways to mitigate risk and reduce our exposure for various areas.
Duff-Brown, B. (2015, April 24). At Stanford, Secretary of Defense Ashton Carter unveils cyber strategy, calls for renewed partnership with Silicon Valley. Retrieved from Stanford News: http://news.stanford.edu/news/2015/april/ash-carter-talk-042415.html
Merriam-Webster. (2016, January 13). Innovation Definition. Retrieved from Merriam-Webster Dictionary: http://www.merriam-webster.com/dictionary/innovation
Mitra, S. (2009, April 03). Key To Innovation: Universities. Retrieved from Forbes Magazine Online: http://www.forbes.com/2009/04/02/universities-innovation-government-technology-enterprise-tech-universities.html
4.) Innovation plays a huge role in the cybersecurity industry. The threats that companies, citizens and governments face are constantly changing. As such, the strategies used to counter these threats must also be constantly changing. Constant innovations allow us to keep pace and attempt to get ahead of any cyberthreats. The major developers of cybersecurity related inventions are normal, everyday people. Somebody could be carrying out a routine task and suddenly stumble upon a new way to do something. Anybody could get an idea that would benefit cybersecurity defenses, pursue it and turn it into the new strategy to help counter threats. Some of the students in this class may (or could have already) develop something that will become the new norm before too long. The cybersecurity world is constantly changing and oftentimes, even the smallest change may bring about strengthened defenses and a better way of doing something. When evaluating innovations, one must always consider the risk versus the benefits. The key to a good innovation is eliminating some of the risk, while ensuring that any risk that remains can be properly handled and dealt with. Innovations in the cybersecurity domain can lead to our nations defenses being more secure against anybody who may wish to do us harm.