Cybersecurity Policies

Results from the third round SIMTRAY simulation of Day 1 to Day 3 recorded the following 74%, 73%, and 66% respectively. For Day 3, the best I could get was 66% as the first simulation scored a disturbing 36%. 

Day 1 was useful in analyzing the challenges of security breaches, often suggesting the level of technical and countermeasures that would aid in regulating these attacks. Day 1 also invited consent prevention of intentional and unintentional security events that further surrounds logical access provisioning, transfers, and de-provisioning which, further include possible security awareness.  Day 1 learning point illustrates the essence of cybersecurity policy since it helps in defining the service level agreements where a third-party client is involved.  AICPA (2017) advises the publishing of security policies on the organization intranet, both included onboard packages that are reiterated through annual training. The security policy is closely related to the relationship with vendors and business partners that are enforced through contractual commitments.

The second day educated more on the physical threats, presenting the need to learn to handle security breaches within the enterprise system. Emphasis was placed on the nature of the password, and workplace, as well as audit, IS events, documentation, and IS incidence response policies. Donaldson et al. (2018) include cryptographic capabilities, encryption, signature, and biometric key management, useful in administrating authentication. Day 2 results also required workplace organization, regulation of the working staff, information resources access control regulation, possible automation system development, cryptographic information security systems, as well as regulation on corporate information system structuring. Day 2 also enlightened on the nature of identity theft, questioning the need for another type of security approach such as biometric authentication, part of which was in tandem with Donaldson et al. (2018) interests of building a successful enterprise cybersecurity system.

The third day questioned fully on cybersecurity laws, specifically pointing on the legal assistance towards bridging gaps in security management. It also addressed the high need to bridge gaps in compliance management and reporting based on feedback opinion of compliance management, bridging gaps of personnel security, and handling untrustworthy personnel while maximizing benefits of the personnel positions (Garrett, 2019). There is also a need for bridging gaps in training and accountability within the enterprise staff. The legal approach enhances organization security doubling on competitiveness strengthening organizations ability to develop service level agreements.

References

American Institute of Certified Public Accountants, (2017). Guide – reporting on an entity’s cybersecurity risk management program and controls.

Garrett, G. A. (2019). Cybersecurity in the digital age: Tools, techniques, and best practices.  Riverwoods, IL: Wolters Kluwer, 2Donaldson, S. E., Siegel, S. G., Williams, C. K., & Aslam, A. (2018). Enterprise cybersecurity study guide: How to build a successful cyberdefense program against advanced threats. New York, NY: Apress,