Information Security Policies, Procedures, and Cybersecurity

Cyber Security
Name:
Institution:
Course:
Date:
Introduction
As a cyber-security professional, having the in-depth knowledge of the industry is a key element to helping the company stay ahead of the risks within the cyberspace (Bou-Harb, Lakhdari, Binsalleeh & Debbabi, 2018). This means as a professional, it is not only the technical knowhow that counts but also being informed on all the current news and developments within the industry (Lai, Chen, Liu, Yang & Li, 2018). Being in a position to identify the system vulnerabilities in the organization through risk management strategies and reducing their impact on the operations of the organization are key elements of the daily responsibilities of a cybersecurity professional (Casey, Katz & Lewthwaite, 2018). To achieve this, there is need for there to be some established policies, procedures, standards, guidelines as well as controls within the organization. These are the pillars for achieving the cybersecurity objectives. Every other employee also needs to understand the impact that this has on the organization and as such, follow guidelines established for every other operation.
Terminology
To better understand the impact that the various elements have in any organization relative to cyber security, it is important to establish the meaning of the main elements. Policy for example relates to the set of plans or ideas which have been used as the basis for making various decisions within the organization (Food and Agriculture Organization, 2018). This is especially the case where, aspects such as business, economic and politics are concerned. On the other hand standards are quite different, given that they refer to a level of quality or even achievement that is considered acceptable. It important to note that, standards are more of level of quality that are considered to be achieved by ever other employee in the organization. For example, standards in the security practices, may require that only staff within the IT department have clearance for certain activities on the system. At the same time the IT staff may also have different levels of clearance, which are strict standards that have to be followed without question. Policies are the basis on which such decisions to for the different levels of clearance. Procedure on the other hand relates to a way of doing something. For example when accessing the database, there are the steps that every other staff has to follow to gain access. This is different from standards, given that the latter is associated with quality levels. Procedure is more of the steps that are designed and established to be the correct way of a given process. This can also be associated with the steps that an IT professional at the company will follow to determine if the system has been compromised. Guidelines are on the other hand considered principles that set the standards or used in the determination of the course of action. Control in an organization relates to the power to make important decisions. It is more of the authority that exists within the different ranks to make the decisions within the organization and all of the above (Collins Dictionary, 2018).
‘Cyber criminals are endlessly innovative and the threats they r...