Cybersecurity program

profiletukaz2005
CybersecurityProgramMaintenance.docx

Running Head: CYBERSECURITY PROGRAM MAINTENANCE

CYBERSECURITY PROGRAM MAINTENANCE 4

Student Name

School NAME

Date

TABLE OF CONTENT

1. Procedure to track performance………………….……………………………………3

2. Procedures to monitor and measure performance for areas of improvement…............3

3. Procedures to identify new threats, vulnerabilities, or any countermeasures…............4

4. Procedures to obtain feedback on the effectiveness of policies………………….........4

5. Procedures and technical tools to monitor the internal and external environment……………………………………………………...……………….…...4

6. Procedures for budget allocation……………………………………………...………5

7. Procedures to catch any oversights……………………………………………………5

Procedure to track performance

Organizations that track their performance can improve their employees' efficiency and enhance the effectiveness of their operations and be able to find out any type of vulnerabilities occurring, or any issue related to cybersecurity (Zarreh et al., 2019). Tracking the cybersecurity performance should be tracked through the following procedure. One, you need to track the level of preparedness such as the number of devices on your organization network that is fully patched and update. The other step is to identify the number of unidentified devices on internal networks. The fourth procedure is to identify how often attackers breached the information asset and also identify how long do security threats go unnoticed, the meantime you took to respond to the cyberattacks, and the meantime you took to contain the threat. The other steps to track performance include, first-party security rating, track the average vendor security rating, patching cadence, access management, track your company and peer performance, and lastly track the meantime for vendors incident responses.

Procedures to monitor and measure performance for areas of improvement

A critical requirement for any cybersecurity program maintenance is to continuously verify the effectiveness of an established controls. Periodic evaluation of organisation security controls helps to determine whether the security control is operating as intended.

Monitoring and performance measurement is vital for business success. It's important to identify the areas that need to be improved to maximize the productivity of the organization (Zarreh et al., 2019). First, you can evaluate the user's system performance and their vulnerabilities to cyber threats. This procedure is very vital because, through it, one can identify the possibility of hackers or any other unauthorized access to the systems. You can also review the work in progress on regular basis in those areas. This will prevent the organization from recurring cyber threat instances.

Procedures to identify new threats, vulnerabilities, or any countermeasures

Cybersecurity threats are common in many organizations and to mitigate these risks, routine network vulnerability and threats assessment should be conducted (Choudhary et al., 2021). There are various steps to identify new network threats and vulnerabilities assessment, which include conducting risk identification and analysis, formulating vulnerability and security threats scanning policies and procedures, recognizing the type of vulnerabilities scan, configuring and performing the scan, assessing risks, analyzing the scanning results, and lastly developing a remediation and mitigation plan.

Procedures to obtain feedback on the effectiveness of policies

This can be conducted by surveying to learn their early employee experience. You can also conduct employee engagement surveys to obtain a large number of feedbacks at once. Review sites can also be a very effective channel where feedbacks on policy effectiveness can be obtained. Many employees feel it difficult to share feedbacks with their top management, but they may share it on review sites, thus monitoring the sites will help in obtaining feedback on policy effectiveness.

Procedures and technical tools to monitor the internal and external environment

Technical tools or techniques to monitor the internal and external environment include antivirus software, penetrating testing, firewall, staff training, and managed detection services. To monitor the internal and external environment, you are required to determine the scope of risk assessment, and then determine the number of unauthorized devices used for business tasks and ensure they are encrypted to prevent unauthorized access. The last step of monitoring the internal and external environment is to implement security policies to safeguard the organization's intellectual information.

Procedures for budget allocation

Getting the c-levels to approve an IT security budget is one of the most critical tasks that IT professionals experience during their working period (Zarreh et al., 2019). A clear and effective procedure for budget allocation can help mitigate this tough task. First, the IT professionals should outline all the expenditures and financial obligations they plan to cover with their cybersecurity program budget. The next step is to determine your method of cybersecurity program funding. Then there is the execution process where the resources are allocated to various budget items and lastly the allocated budget is monitored and maintained.

Procedures to catch any oversights

To catch any cybersecurity oversight, the IT professionals should one, make cybersecurity an enterprise-wide initiative (Zarreh et al., 2019). A good oversight requires aligning the company's core values and ethical attributes with the company’s cybersecurity strategies, risk tolerance, and business approach. The next step is to test your cyber protection more frequently to ensure they are functioning. The other process is to develop a better rapport with your CISO on issues related to cyber risks within the organization and the last process is to think hard on the skills required to mitigate the cybersecurity incidents.

Reference

Choudhary, Y., Umamaheswari, B., & Kumawat, V. (2021). A Study of Threats, Vulnerabilities, and Countermeasures: An IoT Perspective. Shanlax International Journal Of Arts, Science, And Humanities8(4), 39-45. doi.org/10.34293/sijash. v8i4.3583.

Zarreh, A., Wan, H., Lee, Y., Saygin, C., & Janahi, R. (2019). Cybersecurity Concerns for Total Productive Maintenance in Smart Manufacturing Systems. Procedia Manufacturing38, 532-539. doi.org/10.1016/j.promfg.2020.01.067.

Bakertilly (2017). Monitoring and verifying cybersecurity controls effectiveness.