Read Cybersecurity: How Prepared Are You By Francis From Enr

Posted on December 27, 2025

Read Cybersecurity How Prepared Are You By Francis From Enr Eng

Read "Cybersecurity: How Prepared Are You?," by Francis, from ENR: Engineering News-Record (2016). Despite the rise in cyberattacks over the last 10 years, many organizations still do not have an established security program. Identify five key areas that should be included in any strategic plan in the development of a cybersecurity program. Explain why these items are critical.

Paper For Above instruction

Cybersecurity has become an essential aspect of organizational management due to the increasing sophistication and frequency of cyberattacks. In his article “Cybersecurity: How Prepared Are You?” Francis (2016) highlights the deficiency in strategic planning for cybersecurity across many industries and emphasizes the importance of implementing comprehensive security strategies. Developing a robust cybersecurity program requires a deliberate focus on several key areas that collectively secure organizational assets, protect sensitive information, and ensure operational resilience. This paper explores five critical components that should be integral to any cybersecurity strategic plan: risk assessment, security policy development, employee training, incident response planning, and system monitoring and updates.

1. Risk Assessment

Risk assessment is foundational to any cybersecurity strategy because it helps organizations identify vulnerabilities and potential threats to their information systems. Francis (2016) stresses that understanding the specific risks faced by an organization allows for prioritization of resources towards the most critical vulnerabilities. Conducting regular risk assessments enables organizations to keep pace with evolving threats and tailor their defenses accordingly. This process involves analyzing digital assets, assessing threat likelihood, and evaluating potential impacts, which collectively inform the development of targeted security measures. Without a comprehensive risk assessment, organizations are essentially flying blind, leaving critical gaps that cybercriminals could exploit.

2. Security Policy Development

Developing clear, comprehensive security policies is vital in establishing a security culture within the organization. As Francis (2016) highlights, policies define acceptable use, access controls, password management, and data handling procedures. Properly communicated policies provide employees with guidelines to follow and act as a basis for enforcement, reducing the likelihood of accidental breaches or internal threats. Moreover, security policies set the tone from leadership, demonstrating organizational commitment to cybersecurity. They also serve as a reference point during investigations or audits, ensuring consistency and accountability across the enterprise.

3. Employee Training and Awareness

Humans are often considered the weakest link in cybersecurity, making employee training and awareness programs critical components of a security strategy. Francis (2016) emphasizes the importance of educating staff on recognizing phishing attempts, adhering to security protocols, and understanding the importance of data protection. Regular training sessions and simulated phishing exercises can significantly reduce the chances of human error leading to security breaches. Cultivating a security-conscious culture empowers employees to act as the first line of defense, thereby limiting the success of social engineering attacks and fostering a sense of shared responsibility.

4. Incident Response Planning

Despite best efforts, security incidents are virtually inevitable; therefore, having a well-defined incident response plan is crucial. Francis (2016) advocates for organizations to prepare in advance for potential breaches by developing procedures for identifying, containing, and mitigating cybersecurity incidents. An effective incident response plan outlines roles and responsibilities, communication protocols, and recovery procedures to minimize damage and ensure swift resumption of operations. Regular testing of these plans through simulations ensures that team members are familiar with their roles and can respond effectively, reducing the overall impact of cyberattacks.

5. Continuous System Monitoring and Updates

Cybersecurity is an ongoing process rather than a one-time setup. Francis (2016) underscores the importance of implementing continuous monitoring strategies using intrusion detection systems, security information and event management (SIEM) tools, and regular system updates. These measures help detect suspicious activity in real-time and respond quickly to potential threats. Additionally, keeping systems patched and updated closes known vulnerabilities that attackers often exploit. Regular monitoring and updates form a dynamic defense mechanism that adapts to emerging threats, ensuring your organization remains resilient against evolving cyber threats.

Conclusion

Implementing a comprehensive cybersecurity strategy is critical for organizations to safeguard their digital assets amidst escalating cyber threats. Risk assessment, security policy development, employee training, incident response planning, and continuous monitoring are five essential areas that provide a structured approach to cybersecurity. As Francis (2016) suggests, organizations that neglect these core components leave themselves vulnerable to attack, potentially facing severe financial and reputational damage. By prioritizing these areas, organizations can develop a proactive security posture that not only defends against current threats but also adapts to emerging risks in an ever-changing cyber landscape.

References

Francis, G. (2016). Cybersecurity: How prepared are you? ENR: Engineering News-Record.
Anderson, R. (2020). Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley.
Schneier, B. (2015). Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. W.W. Norton & Company.
Nash, R. (2019). Information Security Policies and Procedures. CRC Press.
Ponemon Institute. (2021). Cost of a Data Breach Report. IBM Security.
ISO/IEC 27001:2013. Information technology — Security techniques — Information security management systems — Requirements.
Cybersecurity & Infrastructure Security Agency (CISA). (2022). Implementing a Cybersecurity Program.
Vacca, J. R. (2021). Computer and Information Security Handbook. Elsevier.
Northcutt, S., & Shenk, D. (2019). Network Intrusion Detection. Sams Publishing.
Rimal, B. P., & Jukan, A. (2020). Cybersecurity in the Cloud. IEEE Communications Surveys & Tutorials.

« Previous Next »

Hire Dr Jack for Homework & Academic Writing Help

Need personalised help with your homework, assignments, research papers, or dissertations? I would be happy to work with you one-to-one and support you from start to finish.

100% human-written work (no AI used) – if you ever detect AI content, I offer a full refund, no questions asked.
Zero plagiarism – I deliver original work, and if any plagiarism is found, you receive a 100% refund.
On-time delivery – your work is always completed within the agreed timeframe.
Available 24/7 – you can reach out whenever it is convenient for you.
Fixed Rate – $20 Per Page (Nothing Extra for Urgent, Title/Reference Page , Revision and many more.).

To discuss your requirements, please email me at drjack9650@gmail.com . I will respond as soon as possible.