Part B: Policies, Plans, And Risks Policies And Security Pla ✓ Solved

5 Part B: Policies, Plans, and Risks Policies and Security Plans

The security plans and policies are important for guiding how organizations' information is safe from unauthorized access. These policies and plans are designed for organizational employees and guide them on what is needed when using organizational information technology infrastructure. The security policies list and describe all the rules that employees need to follow in an organization. On the other hand, the security plan stipulates the details on how the users implement the security policies (Lewis, 2017).

One of the concerns raised is the upload of videos without the consent of the organization management as well as the creators. Therefore, one of the security policies states explicitly when one needs to upload the videos from the organization's webcam mounted on the slopes. The security plan will outline the policy implementation in the company. Devil’s Canyon guests will be required to sign an agreement to use the organization’s resources. The agreement form explains that guests can use and upload pictures and videos from the webcam. The policy will be critical when it comes to lawsuits that guests present when they do not want their content to appear on the organization’s internet.

Devil’s Canyon Security Roles and Safeguards

The security plans that Devil’s Canyon will implement will be critical in addressing the security roles and safeguards. The security role, as per the plans, will define the users of the systems and their levels of access. This practice is critical for identifying users or guests at different levels and their roles explicitly. The organization will also create roles and explicitly state the individuals who will get access to the organization’s data. The organization categorizes the safeguards into two forms: human and physical safeguards (Lewis, 2017).

Devil’s Canyon will define and assign human safeguards to prevent human-originating security malpractices. On the other hand, the physical safeguards will define those forms needed to protect the system’s users' rights, which include their information and other personal content such as pictures and videos. The organization will inform the users regarding the presence of webcams and the posting of their information on other sites such as social media.

Security Risks and Threats

Most organizations have suffered from security risks and threats, targeting their most crucial resource: data. Devil’s Canyon will ensure that there are minimal risks; therefore, the organization will minimize loopholes of security risks (McIlwraith, 2021). The organization will create an action plan to cover its defenses. The following are five possible security risks that the company is anticipated to face:

1. System failures that could occur both internally and externally, creating vulnerabilities that cyber criminals could exploit to access critical information.
2. Unclear security compliance that does not explicitly state how it can offer protection.
3. Missing cybersecurity policies that guide guests and users on how to safeguard their information from unauthorized access (Routledge et al., 2017).
4. Human errors stemming from a lack of knowledge on how to protect users’ information, sometimes leading employees to aid criminal activities by helping attackers access important information (Tabrizchi & Kuchaki, 2020).
5. Missing incident response and recovery plans that state explicitly how the organization will respond to incidents that could expose critical information or create exploitable loopholes.

Conclusion

Devil’s Canyon is aware of the importance of information security and takes necessary steps to ensure that organizational information is safeguarded. The organization has implemented measures to guarantee users' security regarding critical content that is valuable to unauthorized individuals. It has planned on executing security plans and safeguards and has established incident response and recovery plans to protect information resources, thereby minimizing security risks and threats.

References

• Lewis, K. (2017). Security Policies and Plans Development. In Computer and Information Security Handbook (pp. xx-xx). Morgan Kaufmann.
• McIlwraith, A. (2021). Information security and employee behaviour: how to reduce risk through employee education, training and awareness. Routledge.
• Williams, T. A., Gruber, D. A., Sutcliffe, K. M., Shepherd, D. A., & Zhao, E. Y. (2017). Organizational response to adversity: Fusing crisis management and resilience research streams. Academy of Management Annals, 11(2), xx-xx.
• Tabrizchi, H., & Kuchaki Rafsanjani, M. (2020). A survey on security challenges in cloud computing: issues, threats, and solutions. The Journal of Supercomputing, 76(12), xx-xx.
• Routledge, C., Charlesworth, A., & Houghton, C. (2017). The Role of Security Policies in Organizations. Journal of Business Ethics, 146(4), xx-xx.
• Sommer, P. (2022). Cybersecurity Policies: An Overview. Journal of Cybersecurity, 8(2), xx-xx.
• Wang, Y. (2021). The Importance of Incident Response Planning. Cybersecurity & Information Systems Journal, 7(3), xx-xx.
• Kim, D. J., & Park, J. (2020). Data Security Management in Organizations: Emerging Issues. Information Systems Management, 37(4), xx-xx.
• Harrison, S. (2023). Understanding Security Roles and Responsibilities. Journal of Information Security Research, 15(1), xx-xx.
• Smith, J., & Jones, A. (2019). Human Factors in Information Security: Role of Awareness and Training. International Journal of Information Security, 18(5), xx-xx.