Cybersecurity Policy Recommendations for Skyward Company

Verified

Added on 2023/06/11

AI Summary

This report provides an overview of cybersecurity policies that should be implemented by Skyward Company, an IT-based organization. It highlights the importance of cybersecurity in protecting vital data and ensuring smooth operations. The report analyzes current research on the subject matter, emphasizing the use of access control and CIA principles (Confidentiality, Integrity, and Availability). It also discusses the British Standard for Information Security Management, including asset identification, risk assessment, and risk treatment. Recommendations for improving cybersecurity within the organization include comprehensive security training for staff at all levels to bridge the trust gap between IT groups and business functions. The report concludes that Skyward Company should prioritize the proper implementation of cybersecurity measures and develop mechanisms for continuous learning and adaptation to evolving threats. Desklib offers a wealth of similar resources to aid students in their studies.

Running head: CYBERSECURITY POLICIES TO BE IMPLEMENTED BY SKYWARD COMPANY
Cybersecurity Policies to be implemented by Skyward Company
Name of the Student
Name of the University
Author’s note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1CYBERSECURITY POLICIES TO BE IMPLEMENTED BY SKYWARD COMPANY
1. Background section
The Skyward Company is an IT based organization, which focuses on the
creation of the IT based products such as software, hardware and various other
websites. The company makes use of the various software in order to deal with the
various ongoing projects that are undertaken by them. In the previous times, the data
that was used by the company was mainly stored in the paper based format. With
the advancements in the field of technology, the company makes use of the
electronic based methods that would be helpful in recording the data of the
customer, telephone numbers, emails, accounting and financial based information. In
order to deal with the issues that affects the cyberspace within the organization, the
organization would need to adapt such kind of changes that would be helpful for
securing the vital data of the organization (Von Solms & Van Niekerk, 2013).
2. Analysis of Current Research on the Subject Matter
The use of cybersecurity within an organization would play a major role for the
protection of the vital data of the organization and thus ensure that the projects and
the services would be able to function without facing any such kind of difficulties or
any such kind of delays (Uma & Padmavathi, 2013). In the recent times, most of the
organizations depend exclusively on the use of the computer systems and the
functioning of the internet based platform. They also require the use of contacting
with their clients on a daily basis and also perform such kind of tasks that would
require a high level of research, strategic based planning and other kind of strategies
based on marketing. The overall financial based success of the organization would
mainly depend on the successful based implementation of the set goals that would
again depend on the significant health of the computers (Todorovic et al., 2015).

2CYBERSECURITY POLICIES TO BE IMPLEMENTED BY SKYWARD COMPANY
It is extremely vital that the systems would remain free from several kind of
intrusions from different kind of third parties who might always attempt to gain an
unauthorized access to the systems. The failure on the part of the IT security experts
would result in the loss of vital data, loss on the competitive information and loss of
the private data of the customers or the employees.
The implementation of the cyber security is done through the control of
access and the CIA based principles. Access control could be defined as the
procedure for the process of controlling the limit of access to the information and to
the extent of the alteration of the message by the specific person. The control of
access also incorporates the control of the arrival to physical based facilities (Zhou,
Varadharajan & Hitchens, 2013).
The CIA based principles stand for confidentiality, integrity and availability.
These principles would refer to the three basic qualities or the different states of data
that are being protected (Block & Block, 2014). The data should be kept in a
confidential state such that the unauthorized access or the spying of the data should
be stopped. The data should retain their personal identity, which would mean that
the alteration, destruction or the manipulation of the data should be stopped. The
data should be made to available whenever it would be needed by some person.
This would mean that there would not be any DDoS based attacks or any kind of
ransomware based attacks that would be a fact of danger for the availability and the
integrity of the data (Zargar, Joshi & Tipper, 2013).
The British Standard based on the Information Security Management would
be suggesting certain kind of steps that would be concerned on the basic planning of

3CYBERSECURITY POLICIES TO BE IMPLEMENTED BY SKYWARD COMPANY
an Information Security Management System (ISMS). The steps are Identification of
the Assets, Assessment of the Various Kind of Risks and the Treatment of the Risks.
Identification of the Assets – The various kind of assets for any organization
could be defined as the physical antique of any organization that would include
historical based data, photographs and the electronic based inventories (Campbell,
Jardine & McGlynn, 2016).
Assessment of the Risks – A physical based breach would help in resulting
in the cases of theft of the important items and the financial based records of any
organization. A digital based breach would result in the spying of the
correspondence of the emails between the business partners, customers or experts
by creating a botnet and the stealing of the sensitive data of the customer (Haimes,
2015).
Treatment of the Risks – The installation of an alarm system would be
helpful in minimizing the amount of risks and thus the protection of the physical
assets of the organization. The different types of software and the operating systems
that are used within the organization should be maintained properly and they should
be updated on a regular basis such that they do not face any kind of vulnerabilities.
The security of the system is mainly based on the type of programs that are
designed by the IT security experts. The access should be granted to those
computers who would be designated to such kind of access. The security based
personnel should be given a proper training based on the kind of vulnerabilities that
could affect the system. The security personnel should not use the computers in an
irresponsible way, which might put the computers at a level of risk from being hacked
from various kind of attackers.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4CYBERSECURITY POLICIES TO BE IMPLEMENTED BY SKYWARD COMPANY
3. Recommendations for improving the use of Cybersecurity within
Organization
The trust based relationships among the different individuals within the
various units of the business, the IT based organization and the different functions of
the cyberspace could be difficult to maintain because of the fact that these groups
can sometimes function at cross based purposes (Sankowska, 2013). The
cybersecurity based team should be able to impose certain protocols related to the
safety that would be inconvenient for the employees to impede within their daily
based operations. In order to close the gap of trust between the IT groups and the
functions of cybersecurity within the business processes, the organizations would be
able to provide the training based on the comprehensive based security related to
staffers at different levels of the company. This would might include the meeting in
town hall, different kind of training modules and various form of workshops that
would mainly focus on the identification of the variable types of cyber threats and the
outlining of the appropriate responses when the employees would witness any form
of suspicious activity. These kinds of training could be helpful for the business based
employees to understand the justification for the protocols based on cybersecurity
and thus raise their level of awareness (Ben-Asher & Gonzalez, 2015). The
awareness could signal the various units of the business that the level of
cybersecurity would be a shared responsibility. Anyone who would have access to
the confidential based systems and data should play a major role for ensuring the
safety of the data.
4. Conclusion
Based on the above discussion, it could be concluded that the Skyward
Company should focus on the proper implementation of the use of cybersecurity

5CYBERSECURITY POLICIES TO BE IMPLEMENTED BY SKYWARD COMPANY
within the organization. They should develop several kind of mechanisms by which
different cybersecurity professionals and the IT could learn about the several
implications of the initiatives of IT based security on the various operation of the
business. The use of cybersecurity within an organization plays a major role within
the organization and hence this aspect should be taken into deep consideration so
as to protect the security and integrity of the company.

6CYBERSECURITY POLICIES TO BE IMPLEMENTED BY SKYWARD COMPANY
5. References
Ben-Asher, N., & Gonzalez, C. (2015). Effects of cyber security knowledge on attack
detection. Computers in Human Behavior, 48, 51-61.
Block, J., & Block, J. H. (2014). The role of ego-control and ego-resiliency in the
organization of behavior. In Development of cognition, affect, and social
relations (pp. 49-112). Psychology Press.
Campbell, J. D., Jardine, A. K., & McGlynn, J. (Eds.). (2016). Asset management
excellence: optimizing equipment life-cycle decisions. CRC Press.
Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley &
Sons.
Sankowska, A. (2013). Relationships between organizational trust, knowledge
transfer, knowledge creation, and firm's innovativeness. The Learning
Organization, 20(1), 85-100.
Todorović, M. L., Petrović, D. Č., Mihić, M. M., Obradović, V. L., & Bushuyev, S. D.
(2015). Project success analysis framework: A knowledge-based approach in
project management. International Journal of Project Management, 33(4),
772-783.
Uma, M., & Padmavathi, G. (2013). A Survey on Various Cyber Attacks and their
Classification. IJ Network Security, 15(5), 390-396.
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber
security. computers & security, 38, 97-102.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7CYBERSECURITY POLICIES TO BE IMPLEMENTED BY SKYWARD COMPANY
Zargar, S. T., Joshi, J., & Tipper, D. (2013). A survey of defense mechanisms
against distributed denial of service (DDoS) flooding attacks. IEEE
communications surveys & tutorials, 15(4), 2046-2069.
Zhou, L., Varadharajan, V., & Hitchens, M. (2013). Achieving secure role-based
access control on encrypted data in cloud storage. IEEE transactions on
information forensics and security, 8(12), 1947-1960.