Description
A recent internal audit uncovered a lack of knowledge on the part of employees and included a finding that this lack of knowledge contributed to a compliance failure for IT security controls related to privacy and data security. The auditors recommended that the company needed to improve its communication of policy changes and revisions to both employees and managers. The auditors also noted that Red Clay Renovations has been experiencing a great deal of change especially with respect to how the company protects information from unauthorized disclosures, including theft of data by cyber criminals. The company agreed with the finding and in its response noted that it has developed a substantial number of new and revised policies, plans, and guidance procedures to help manage the associated risks but that it could improve internal communications about those changes. Now, the company needs to fix the "communications" problem. The CISO has asked you to help develop a communication strategy that can be used to explain the cybersecurity and privacy related policies to a non-technical workforce.
Your Task: Prepare a briefing that identifies your top 5 strategies and explains why you chose each one. Provide examples of the types of policies which need to be communicated to the workforce (use your work for Projects 1, 2, & 3 and your weekly discussion papers). To help you get started, the CISO has suggested that you consider the following methods when developing your communication strategy.
- distribution of printed copies of the policies,
- email distribution,
- web links to an internal Website,
- face-to-face briefing of field office staff and managers (with or without Question & Answer session),
- a company newsletter, or
- other
The company's communications director has also provided assistance -- her list of recommended sources is listed at the end of this prompt.
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting. Make sure you use the discussion rubric as well as the above instructions to ensure you include all the required elements in your response.
Here are some sources you can use to read about communication channels for policies.
https://www.tutorialspoint.com/management_concepts/pdf/communication_channels.pdf
https://policies.acu.edu.au/governance/internal_communications_policy#3comchannels
https://clearhrconsulting.com/blog/hr-smalltalk/how-to-communicate-policies-and-procedures/
Explanation & Answer
Attached.
Running head: IMPROVING INFORMATION SECURITY AND COMMUNICATION
Improving Information Security and Communication
Student’s Name
Institutional Affiliation
1
IMPROVING INFORMATION SECURITY AND COMMUNICATION
2
Improving Information Security and Communication
Creating an effective communication channel should be the first strategy to work on.
Through an effective communication channel, junior employees can be able to identify how
upward communication works (Ramirez & Choucri, 2016). The manager can be able to
communicate with their employees while following an active channel. These channels can also
help in the identification of the chain of command. Through this identification, senior employees
can be able to write printed copies like memos to junior employees through their supervisors.
Due to the increase in cybercrimes, the CISO should develop a...