Critical analysis and replies needed

profileJohn_matt
case_study_1.docx

 Introduction

Due to the latest hacking attempts, we must take additional measure to preserve the availability, integrity, and confidentiality of our networks and services provided to the community.  Our new policy is a step in the right direction to address recent attacks. While we can appreciate that the new login and registration standards are more complicated to obtain services, these steps are necessary and must be implemented. Based on local sentiment towards the new policy such as the perceived invasion of privacy, officials will need to address the local community’s concerns.

Policy Timeline

The policy implementation should be rolled out 90 days from now.  This timeline will allow the public to address concerns they have with the new policy.  Consultation “serves accountability and government's strategic intent to consult with those who will be impacted by a policy decision” (The Policy Cycle, n.d.). It is imperative that officials meet with the opposition to understand the positions. “Public engagement is a new way of thinking about how governments, stakeholders, communities and ordinary citizens can work together to achieve complex, societal goals” (Bullock, Mountford, & Stanley, 2001). By discussing the changes in policies, we can promote mutual understanding. 

Provide the Facts

To assure the public that the information collected will be secure, explain the privacy policies associated with registration.  Parks and recreation registration completely respect the user’s right to privacy. Information collected about individuals will not be shared with outside organizations. Data of the users will be secured within the local network utilizing the latest standards for security. 

Furthermore, explain that the new security procedures will provide better protection than what previously used with only creating a password. Two-factor authentication is part of our strategy to protect the users of our services. “Two-factor authentication is one of the best things you can do to make sure your accounts don't get hacked” (Gordon, 2013). After registration is completed, users will receive a PIN to verify the account.  The additional layer of security is necessary due to the research that proves passwords alone do not adequately protect accounts. A release from the SANS Institute states, “It has been proven that username and password alone do not provide sufficient security for sensitive information that needs more protection than other information” (Valente, 2009).

Conclusion

For the new policy to be successful, we must create buy-in from the community and explain why it is beneficial.  The public must be informed of the facts to dispel fears regarding it. The policy will be delayed to allow time for local officials to meet with opposition groups.

References

Gordon, W. (2013, December 10). Here's Everywhere You Should Enable Two-Factor Authentication Right Now. Retrieved July 12, 2016, from http://lifehacker.com/5938565/heres-everywhere-you-should-enable-two-factor-authentication-right-now

Valente, E. (2009). Two-Factor Authentication: Can You Choose the Right One? [PDF]. SANS Institute. Retrieved July 12, 2016, from https://www.sans.org/

Bullock, H., Mountford, J., & Stanley, R. (2001). PolicyNL. Retrieved July 12, 2016, from http://www.policynl.ca/policydevelopment/innovativeapproaches.html#Public-Engagement

PolicyNL. (n.d.). Retrieved July 12, 2016, from http://www.policynl.ca/policydevelopment/ policycycle.html#consultation