Security policies are high-level mechanisms that identify priorities and procedures and provide a blueprint for the security program as a whole. In addition, security protocols, which specify mandatory requirements and controls, are needed to achieve policy objectives or goals. The procedures used to maintain and upgrade these policies include periodic updating, recommending changes, verifying legal compliance, and communicating the changes made. Careful observance of these procedures is critical to the efficiency of any policy framework.
The security policy and standards define what it means for a company, program, or individual to be protected. The policy describes the purpose, such as a company’s objectives or priorities, while standards specify the regulations for achieving that aim. Technology and laws in the working environment keep evolving, so policies and practices must be maintained and revised to remain relevant and efficient (Bhardwaj et al., 2016). The following are the procedures to maintain and upgrade these policies and guidelines. One, policies and standards are necessary and should be checked regularly to preserve their consistency and relevance. Regular maintenance ensures the company’s guidelines and plans continue to comply with its priorities and objectives (Banach, 2018). Two, once the needed improvements are identified, the company should draft and implement the revisions (Upadhyay & Nene, 2016). Three, once the necessary changes are completed, the company should conduct its due diligence to ensure the information complies with any relevant law. The changes should then be communicated to all employees.
The CIA triad is the leading security principle that should be considered when designing a security policy. The triad ensures data is protected through three basic tenets: confidentiality, availability, and integrity. The CIA triad is essential because it promotes critical security features, helps avoid compliance problems, and maintains business continuity (Manousakis & Ellinas, 2016). It supports security policies by determining what the required behavior is, whom it applies to, and why, and it advances the company’s overall security position by guaranteeing data security and proper usage of information.
The first student talks about the company policies and procedures and why it is critical to change them, and I do support the post completely. A frequent review of policies and procedures keeps the company’s regulations, technologies, and best practices up to date. Policy analysis assures the integrity and efficacy of the policies (Laubenthal, 2017). Policies are indeed dynamic, as they keep on changing. Any business should make a point of continually reviewing its policies to keep up with the ever-growing market competition. Effective and up-to-standard procedures will drive the business to tremendous success. Company policies also strengthen and clarify the businesses’ usual operating process. Well-drafted policies allow employers to handle workers more effectively by clearly identifying appropriate and unacceptable behaviors in the workplace (Tricomi, 2020). The post has clearly and effectively elaborated on the policy change process. It has also enlightened us as to why this change is necessary.
The second student talks about specific policies and standards found in the workplace and the processes needed to maintain and update them. These policies also help protect the organization against external and internal risks. The post explains different policies found within the business, for instance, the workplace policy, which is the leading and top priority policy (Adlakha, 2019). As the post claims, this policy not only protects the company from risks and dangers but also looks at the welfare of the employees.
The student has also mentioned the Reassessment Security Principle, which is a security procedure that helps to protect and safeguard information systems and technologies in a company. I support the post’s argument, which calls for the security principle to be subjected to constant assessment. This is because new threats that target systems and networks are encountered every day (Odeyemi & Obiyan, 2017). Such an assessment will ensure effective and safe operation, which promotes productivity and efficiency in a company.
References
Adlakha, D. (2019). Burned out: Workplace policies and practices can tackle occupational burnout. Workplace Health & Safety, 67(10), 531–532.
Banach, A. (2018). How to maintain & update policies & procedures. Career Trend.
Bhardwaj, A., Subrahmanyam, G. V. B., Avasthi, V., & Sastry, H. (2016). Design a resilient network infrastructure security policy framework. Indian Journal of Science and Technology, 9(19), 1–8.
Laubenthal, B. (2017). Introduction: Labour migration in Europe: Changing policies – changing organizations – changing people. International Migration, 55, 3–10.
Manousakis, K., & Ellinas, G. (2016). Attack-aware planning of transparent optical networks. Optical Switching and Networking, 19(2), 97–109.
Odeyemi, T., & Obiyan, A. (2017). Exploring the subsidiarity principle in policing and the operations of the Nigeria Police Force. African Security Review, 27(1), 42–60.
Tricomi, C. (2020). Policies, procedures, and standards. Bpminstitute.
Upadhyay, G., & Nene, M. J. (2016). One time pad generation using quantum superposition states. In 2016 IEEE International Conference on Recent Trends in Electronics, Information & Communication Technology (RTEICT) (pp. 1882–1886). IEEE.