Assignment 1: Creating and Communicating a Security Strategy

Student’s Name
Tutor’s Name
Course
Date
Creating and communicating a security strategy.
For a seamless implementation of a security strategy, it is important that an organization identifies its most valuable and sensitive data and information and evaluate the available systems. With the advancements in information technology, organizations are equipped to manage any information security breaches, disaster or leakages. However, to efficiently implement these strategies, logical and physical measures must be implemented through policies and procedures and communicated effectively to the organization’s hierarchies.
Elements of a good security strategy.
A good security strategy must incorporate the following elements in its policies, procedures and the physical information systems. First, it must clearly and concisely define the vision of the organization security wise, touching on elements of integrity or confidentiality. It must also define the enforcement and breach handling mechanisms to be employed by the organization. It must also define, identify and assign responsibilities and how to utilize network resources of the organization. A good security strategy must provide information on security profiles and its implementation guidelines across all access devices and points such as servers. The protection of any information system infrastructures requires the implementation of policies on passwords. Thus every information security strategy must have password creation and maintenance guidelines, backup and recovery process, firewall and virus protection policies and internet usage policies.

Ways of communicating and enabling a security strategy in an organization.
Effective communication of an information security strategy is crucial for any organization as it helps the workforce to understand the eminent information system threats and the measures put in place to help protect against them. To communicate effectively with the employees, every organization must tailor its message appropriately considering such factors as demography and experience levels which can be done through the use of varying communication methods. The information must also be tailored in a practical, personal and relatable way by use of real-world examples and encourage self-policing culture, information and knowledge exchange within the workforce (Safa et al. 3). The organization should also equip the workforce adequately with information security tools and train them on how to use and apply them for the achievement of the organization’s goals.
Works cited
Safa, Nader et al. “Information security policy compliance model in organizations.” Computers & Security 56 (2016): 70-82. Retrieved from http://eprints.um.edu.my/15147/1/Information_security_policy_compliance_model_in_organizations.pdf on Oct. 27th 2018.