Cybersecurity roles and responsibilities within an organization must be clearly defined and communicated from the top down, reaching all levels of technology users. Chief Information Officers, system owners, privileged users, and standard users each have different responsibilities to protect data, report incidents, and stay aware of the cybersecurity risks they face. The organization should also ensure that all personnel and partners receive cybersecurity awareness training so that their responsibilities are understood and consistent with cybersecurity policies, procedures, and agreements (NIST, 2018).
By first identifying its business objectives and priorities, an organization can begin the decision-making process for cybersecurity implementation, regulatory requirements, and risk approach. Once the scope of the plan is determined, responsibilities will differ by type of organization. For example, a merchant organization that handles payment card data must comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements, while organizations processing patient information must comply with the Health Insurance Portability and Accountability Act (HIPAA) regulatory standards. If an organization handles private user information, its responsibilities include incorporating policies that comply with privacy laws into the cybersecurity plan, such as data collection minimization, disclosure, and retention of personal information related to any cybersecurity incidents (NIST, 2018). Policies and procedures should also cover physical security, account authorization and authentication, incident response, and business continuity planning (Every, 2008).
Lastly, there should be an enterprise-wide approach to consistently auditing and monitoring both the cybersecurity risk to organizational assets and the regulatory, legal, environmental, and operational requirements that apply.
The business continuity management (BCM) standard ISO 22301 is titled Societal security – Business continuity management systems – Requirements. It provides a framework of international best practices and enables cyber incident and crisis management (ICM) and BCM to be integrated into an organization-wide risk management and response plan for cyber incidents (Antonucci, 2017). The six sections required to certify a BCM system against ISO 22301 are leadership, planning, support, operation, performance evaluation, and improvement.