Studies indicate that while attacks on computers by outside intruders are more publicized, attacks perpetrated by insiders are very common and even more damaging. Janczewski (2008) says that being able to identify employee behavior that might enhance or hinder Firion’s security is significant given that today employees tend to be regarded as the weakest link of organizational security. Firion should capture the behaviors normally exhibited by employees in order to determine if they are malicious or beneficial to the company. In today’s information age and society, information technology end user communities mostly consist of employees. This fact increases the amount of human mistakes within an organization (Janczewski, 2008). Firion management should not ignore employee behavior because employees are responsible for ensuring the security and privacy of sensitive information.
Brief History of the Company and Industry
The Firion Corporation manufactures, fabricates, and sells particular jackets worn in waste dumping and additional protection-related applications. Located at a study laboratory near a big university, Firion Corporation manufactures the latest glove blueprints and coverings, which are vended through comprehensive and small retail outlets. Firion also controls a number of plants and stores in diverse parts of the country. Firion Corporation’s expansion procedure is proprietary and, if exposed to its rivals, could potentially cause a momentous loss of status and income. Security policy structure as it relates to individuals is more multifarious than procedures designed to constitute a firewall or file share authorization. Unlike computers, which merely process ones and zeros, individuals need to appreciate the rationale and aim of a specific security policy.
Human Factors related to Cyber Security Policy
The inadequacy of many existing security solutions to address real life human behavior presents the company with a set of challenges on how to better incorporate human factors into solutions (Probst, Hunker & Gollmann, 2010). Firion Corporation’s important problem is to align security policies with organization workflow, or stated simply, security should support people doing their jobs. According to Probst, Hunker & Gollmann (2010), compliance with security policies of Firion is hard; to make compliance easy for insiders is absolutely necessary for any successful effort to constrain insider threats. Probst, Hunker & Gollmann (2010) say that successful security for Firion Corporation needs to demonstrate to insiders the value of security, not just the requirement for security.
Motive and intent matter a great deal, but multiple motivations may map into a single intent. Policies need to be shaped and evaluated in terms of their human impact. Probst, Hunker & Gollmann (2010) indicated that the psychological contract with employees generally means that policies need to be made more manageable and that there is a need to find a way of testing policies to remove redundant policies. The ideal would be a small set of consistent security policies related to behaviors, and fit with business processes and organizational values and norms. Probst, Hunker & Gollmann (2010) explained that failing to engage staff in security may be the norm, but this lack of engagement weakens security.
Security will only work for Firion Corporation when people feel that they are part of a larger community. Firion should conduct specialized internal exercises with most or all the insiders to identify both the set of useful and acceptable policies, and unique context which may result in generalized policies in conflict with organizational needs. Probst, Hunker & Gollmann (2010) noted that many suspicious activities which can be observed are correlated with insider threat behavior, but not causally linked. For the company, security is context dependent. The importance of context in addressing insider threats poses a number of challenges. According to Probst, Hunker & Gollmann (2010), capturing qualitatively the various situations that might arise in Firion is itself probably impossible, though effective dialogue between those defining security controls and those working as insiders in the company will eventually help.
The human factor plays its own role in relation to the issues posed by technology itself. Sundaram & Umarhathab (2011) indicated that technologies alone cannot be utilized to their full potential without the intervention of the human factor, such as policies and procedures.
Public Policy Issues for Privacy and Liability to Security goals
It is the policy of Firion to prevent and minimize disruptions to critical infrastructures and thereby protect its employees and essential and critical company information, and ensure secure transmission of company information across the board. Choi & Fischer (2005) indicated that disruptions that do occur should be infrequent, of minimal duration and manageable, and cause the least damage to the company. Public policy issues for privacy and liability to security goals, as indicated by Choi & Fischer (2005), require a continuous effort to secure information systems for critical infrastructure and therefore should take into account public and private partnerships.
As Firion Corporation moves to secure its information in cyberspace, the CIO of Firion should note that most critical infrastructure is in private hands, yet problems in these sectors arising from inadequate cyber security could have implications well beyond the company itself. Choi & Fischer (2005) argue that the growing amount of personal information, including financial information, that is communicated through cyberspace makes it increasingly attractive to thieves and other criminals, making the law-enforcement function of the company more relevant to cyber security.
Cyber Security Policy for Firion Corporation
The purpose of this policy is to provide guidance that limits cybercrime within the company through the use of corporate, computational, functional and security baselines that have received substantial public review and have been proven to work effectively (Rittinghouse & Hancock, 2003).
This policy applies to all Firion Corporation employees and affiliates.
The cyber security policy has three main elements which include internal policy content, a discussion on compliance and monitoring and an enforcement component (Westby, 2004). Firion Corporation employees must understand that the company’s security policies are taken seriously and set parameters for the performance of their responsibilities (Rittinghouse & Hancock, 2003). There are four levels of security policies that Firion should apply and they include corporate, functional, computing and security baselines.
Corporate policies are overarching statements regarding the operations of Firion. This type of security seeks to cover topics such as acceptable use of technology, e-mail, use of wireless devices, remote access, protection and non-infringement of intellectual property (Westby, 2004). This section should also address digital risk management and business continuity, and its statements should be concise, easy to understand, enforceable and static.
Functional security will govern operational functions of Firion Corporation. Westby (2004) says that the functional policy will ensure that all information has elevated protection and is authorized by the chief information officer before dissemination. The policy further clarifies that the CIO states how information is encrypted and instructs his personnel which destination the information should be sent to.
This type of policy will establish standards for the computing environments within Firion Corporation. This policy is in line with ensuring that cyber security is achieved within the organization. The policy states that the network should be available and reliable 24/7, that designated security software should be provided for the server environment, and that public and private key encryption standards should be used for PCs and laptops. The policy also requires that backups be conducted daily to achieve business continuity requirements (Westby, 2004).
This type of policy sets the minimum security requirements for the daily operating environments within Firion Corporation. The security baseline policy states that employees should utilize strong password content controls and that they should use the company’s recommended authentication and authorization technologies (Westby, 2004). The security baseline policy defines how to handle cyber attacks, investigations, and anomalies and states what information must be recorded and tracked.
Any employee found to have violated this policy might be subject to disciplinary action up to and including termination of employment.
How each Policy Item can help Mitigate Threats to Security Goals
Security is only as good as its weakest link, and people are the weakest link in the chain. Gori (2009) says that the human factor is generally accepted as a significant issue by the security community because most users interact with computers on a daily basis. Gori (2009) further comments that common security mechanisms have failed to acknowledge even the rudimentary usability and human computer interaction design principles such as minimizing users’ mental workloads, task context or an understanding of user motivation and self-image.
The security baseline policy helps mitigate threats in that people within the company are forced to change their passwords. When security conflicts with a user’s production task, users often respond by circumventing security mechanisms; the company therefore ensures that users perceive security as something that does not make their life difficult (Gori, 2009).
For functional security policy, Firion’s CIO should note that if he is to strengthen cyber security, the problem must be viewed as more than a technical challenge. Gori (2009) says that for the functional security policy to work, security as a system must be engineered around the people who use it, the context within which it is used and its surrounding environmental conditions.
Computational security policy will help the company to ensure that the security systems of the future are highly convenient, largely transparent to end users, fully integrated across security domains, threat aware and able to modify security policies. Gori (2009) noted that computational security can help mitigate threats by ensuring that identity, files, systems and facilities are consistently secured in a manner that maintains their privacy, yet alerts them when a potential breach has occurred. Through the computational security policy, users will be required to remember as few things as possible in order to access the company’s systems.
In conclusion, there are two major components necessary to ensure the wellbeing and security of any organization. These include the use of appropriate policies and technologies and appropriate employee behaviors, which are also commonly known as the human factor. This means that managers play a vital role in exploiting these components. Janczewski (2008) thus says that the human factor calls for managers to be even more cognizant of behavioral issues relevant to cyber security and pay closer attention to the critical role every employee plays in the protection of Firion’s company information. The human factors in organizations such as Firion can help the company have a clearer grasp of employees’ behaviors and decrease cyber security threats.