Comprehensive Report: Cybersecurity Program Maintenance, Semester X

Verified

Added on 2022/09/24

AI Summary

This report provides a comprehensive analysis of cybersecurity program maintenance, focusing on developing an actionable plan. It details procedures for tracking and measuring performance through various methods like performance reviews, peer appraisals, and customer voice monitoring. The report outlines strategies for identifying threats and vulnerabilities, emphasizing the importance of understanding business processes and network infrastructure. It also covers procedures for obtaining policy feedback, including the implementation of policies like acceptable use and disaster recovery. Furthermore, the report discusses tools and procedures for monitoring the external and internal environments, such as SWOT and PEST analyses, and details budget allocation procedures. The conclusion highlights the critical role of data protection and information security in modern organizations, emphasizing the need to address evolving threats and challenges in the cybersecurity landscape. The report references multiple sources to support the information.

Running head: CYBERSECURITY PROGRAM MAINTENANCE
Cybersecurity Program Maintenance
Name of the Student
Name of the University
Author’s Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1CYBERSECURITY PROGRAM MAINTENANCE
Table of Contents
Introduction......................................................................................................................................2
Actionable Plan................................................................................................................................2
Procedures for tracking performance...........................................................................................2
Procedures to measure and monitor performance.......................................................................3
Procedures to identify threats and vulnerabilities........................................................................4
Procedures for obtaining policy feedback...................................................................................5
Procedures and tools for monitoring external and internal environment....................................5
Procedures for budget allocation.................................................................................................6
Procedures to catch oversight......................................................................................................7
Conclusion.......................................................................................................................................7
References........................................................................................................................................9

2CYBERSECURITY PROGRAM MAINTENANCE
Introduction
IT security is securing things that are valuable aspects of any organization. That usually
includes data, people and property, which is the assets of the organization. There are security
controls in order to reduce or minimize the damage to those properties. These involve any form
of program, process, strategy, system, approach, plan, operation, or tool designed for
helping accomplish that goal. This study aims to create and discuss the actionable plan, which
will include the budget allocation and executive support.
Actionable Plan
Procedures for tracking performance
Some basic methods of monitoring that management should use to gauge organizational
and employee performance are:
Performance Reviews
Standardized performance evaluation sheets will allow the managers to monitor over time
the success and improvement of workers toward organizational goals (Galbraith, 2014).
Multiple types provide spaces for staff to assess their own results in addition to management
reviews, which encourage the discussion between the stakeholders.
Peer Appraisals
Peers also have opinions on the success of their peers, which has driven some institutions
to conduct peer reviews. Appraisals may be monitored against multiple data over several

3CYBERSECURITY PROGRAM MAINTENANCE
monitoring cycles, which help identify behavior trends which are favorable and unfavorable
patterns.
Dashboards
Multiple organizations use standardized dashboards to monitor the success of their
organizations or divisions. Dashboards may contain a number of measures based on the main
workflow dimensions or vital performance factors that a company needs to measure.
Customer Voice
Monitoring complaints from staffs is critical for quality control, which is why many
businesses are monitoring the client’s voice. Mechanisms for monitoring vary, but may include
the Excel spreadsheets or repositories intended to record service or product failures.
Procedures to measure and monitor performance
Evaluate Organizational Priorities
The first stage ensures that the tools dedicated to monitoring and evaluating success are
directed towards strategic corporate objectives and mission.
Choose Performance Measures
After the organization examines what is important to calculate, the next step will be to
choose different metrics of success (Harbour, 2017).
Determine the Baseline
Once success measures are selected, the reference data for the measures is gathered by an
organization.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4CYBERSECURITY PROGRAM MAINTENANCE
Evaluate Performance
When the baseline calculation has been done, the company decides if success is
acceptable or if changes are needed.
Develop plan and make changes
If the organization has worked successfully to improve quality, there is usually still a
proven method for improving quality (Cummings & Worley, 2014).
Monitor Performance
After the proper change, measurement results are measured, and regular output
assessment measurements will be done. It is regularly involved in development research. A trend
is emerging, as success is measured over time.
Procedures to identify threats and vulnerabilities
Having maximum value from the vulnerability assessment includes understanding the
mission-critical structures and underlying systems of the enterprise, and adapting that knowledge
to the outcomes (Conteh & Schmick, 2016). This will require the following measures to be fully
effective:
 Take the active role
 Understand and identify the business processes
 Pinpoint the applications as well as data, which underlie business processes
 Find the hidden data sources
 Determine the applications and data
 Map the infrastructure of the network, which connects the hardware

5CYBERSECURITY PROGRAM MAINTENANCE
 Identify the controls
 Run the vulnerability scans process
 Apply technology and business context
 Conduct penetration testing
Procedures for obtaining policy feedback
The following procedures and policies would be needed for the mature security program:
 Acceptable Use Policy
 Disaster Recovery Policy
 Access Control Policy
 Business Continuity Plan
 Remote Access Policy
 Change Management Policy (Jacobs & Weaver, 2015)
 Email or Communication Policy
 Information Security Policy
 Incident Response Policy
Procedures and tools for monitoring external and internal environment
The organizations should adapt themselves including their approach to the ever-changing
external environment (Langenwalter, 2019). Often called macro climate is exterior environment.
These external forces cannot be managed and can be evaluated using a range of tools and
techniques, such as:
 SWOT analysis
 PEST analysis

6CYBERSECURITY PROGRAM MAINTENANCE
 MOST analysis
 De Bono’s Six Thinking Hats
 Five whys
 Catwoe
 SCRS analysis
 MoSCoW
 VPEC-T analysis
The capabilities, abilities, attitudes, vulnerability and identifying skills are key
components of the organization’s internal environment. Every company uses different kinds of
resources to help them accomplish their goals, and the way they use the resources may be the
basis of their weaknesses or strengths (Shatrevich, 2014). It can also be characterized as
organizational ability that is used to formulate the plans and objectives that can be accomplished
by the organisation and should not be impractical according to the capabilities. Many aspects of
an organization’s internal operating environment are:
 Organizational Resources
 Organizational Behavior
 Competency
Procedures for budget allocation
Budgeting at all stages of budget policy involves two crucial considerations by
understanding how much revenue the organization have to deal with and how much money
they want to invest (Chen et al., 2015). A more important step in the process of assessing and

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7CYBERSECURITY PROGRAM MAINTENANCE
determining whether to endorse a budget is for identifying spending priorities. By following the
procedures budget can be allocated effectively.
 Budget Request
 Budget Negotiations
 Budget Request
 Budget Negotiations
 Budget Resolution
 Budget Appropriations
Procedures to catch oversight
There are many reasons why the organizations need to set up oversight:
 To ensuring accountability
 Performance management
 To ensure rules and legislation are adhered to
 To regulate unequal treatment, injustice, unlawfulness and unethical behavior (Johnson,
Keune & Winchel, 2014)
 To guarantee the success of the services or actions for which the organizations are
accountable
 To help others improve their health
Conclusion
This can be concluded by this study that, data protection is essential for the growth of an
entity which retains data or data about its customers or industry. To maintain information

8CYBERSECURITY PROGRAM MAINTENANCE
security, the architecture of modern organizations is based on confidentiality, integrity and
availability. Rather than that, the widespread usage of computer technology has increased the
business’ performance, but exposes the company to new threats and obstacles such as a lack of
knowledge about cyber security, mobile workers and digital networking, a shortage of computer
security staff and cyber security attacks. Applying the protection of information is a mechanism
that is much more complicated than applying the other management because of the large number
of variables that can influence its effectiveness.

9CYBERSECURITY PROGRAM MAINTENANCE
References
Chen, C. H., Chick, S. E., Lee, L. H., & Pujowidianto, N. A. (2015). Ranking and selection:
efficient simulation budget allocation. In Handbook of Simulation Optimization (pp. 45-
80). Springer, New York, NY.
Conteh, N. Y., & Schmick, P. J. (2016). Cybersecurity: risks, vulnerabilities and
countermeasures to prevent social engineering attacks. International Journal of Advanced
Computer Research, 6(23), 31.
Cummings, T. G., & Worley, C. G. (2014). Organization development and change. Cengage
learning.
Galbraith, J. R. (2014). Designing organizations: Strategy, structure, and process at the business
unit and enterprise levels. John Wiley & Sons.
Harbour, J. L. (2017). The basics of performance measurement. Crc Press.
Jacobs, A. M., & Weaver, R. K. (2015). When policies undo themselves: Self‐undermining
feedback as a source of policy change. Governance, 28(4), 441-457.
Johnson, L. M., Keune, M. B., & Winchel, J. (2014). Auditor perceptions of the PCAOB
oversight process. Univ. Tennessee Work. Paper.
Langenwalter, G. A. (2019). Enterprise resources planning and beyond: integrating your entire
organization. CRC Press.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10CYBERSECURITY PROGRAM MAINTENANCE
Shatrevich, V. (2014). Industrial structures as competitive factor in organization
development. Procedia-Social and Behavioral Sciences, 110, 871-878.