
Sraddha


Setting up adequate measures to ensure accountability for security policy adherence primarily focuses on the organization's goals and strategy. Two main processes that guide the operation of security measures are measures development and measures implementation. In some situations, employees are the greatest security weakness of any organization. Introducing social engineering tests through phishing emails and monitoring employees' responses to such a threat can be one way to measure accountability for one's actions. Holding employees accountable for any violation will lead to a stronger security culture. In certain instances, employees quickly eliminate the fraud and make excuses for the violation or incident that has occurred. But organizations need to act and hold employees accountable if the situation was not a test.

For instance, in a situation where a phishing email is sent to every employee to monitor their actions in the event of an attack, there are three possibilities in which this operation can be interpreted. If the employee clicks on the link and covers it up, the employee should be held accountable. However, if he clicks the link and reports it to management, it can be considered a neutral situation. That does not mean the employee will not be held accountable, but he will be given a severe warning and monitored in the future. The same applies when the employee ignores the email and does not respond to it. However, if the employee reports the phishing email, it is noted in the employee's annual review under good behavior (Loder, 2018).

Holding employees accountable can be taken as a point system where each good behavior is worth 2 points, whereas a bad behavior is treated as -1. This can help management hold employees accountable for a certain amount of acceptable risk. Performing regular audits on each employee allows management to act on employees who have negative points and a series of attempted violations of the organization's security policies. Implementing the security measurement program mentioned above involves the following phases (Bartol, 2002):

  1. Prepare for data collection.

  2. Collect employee data and analyze results.

  3. Identify corrective actions based on factors. 

  4. Develop business use cases.

  5. Obtain resources required for the corrective actions.

  6. Apply corrective actions identified to employees who have violated the policy structure. 

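The point scheme and audit described in the post above can be put into a small script. The following is an added example, not part of either post or of the cited sources; it assumes a phishing simulation where each employee response is recorded as "clicked" and "reported" flags, maps the four outcomes the post describes to points (report without clicking +2, click without reporting -1, click-then-report and ignore both 0 but the former flagged for a warning), and lists the employees a regular audit would act on. The employee names and events are constructed.

```python
"""Phishing-simulation scoring and audit (added example; names and events are constructed)."""
from collections import defaultdict
from dataclasses import dataclass

GOOD_POINTS = 2    # reporting the simulated phish without clicking
BAD_POINTS = -1    # clicking the link and not reporting it


@dataclass(frozen=True)
class PhishEvent:
    """One employee's response to one simulated phishing email (constructed record)."""
    employee: str
    clicked: bool
    reported: bool


def classify(event):
    """Map a response to (outcome, points) following the four cases in the post."""
    if event.clicked and not event.reported:
        return "violation", BAD_POINTS      # clicked and covered it up
    if event.clicked and event.reported:
        return "warning", 0                 # neutral, but warned and monitored
    if event.reported:
        return "good", GOOD_POINTS          # reported without clicking
    return "ignored", 0                     # neutral


def score_campaign(events):
    """Aggregate points and per-outcome counts for every employee."""
    scores = defaultdict(int)
    outcomes = defaultdict(lambda: defaultdict(int))
    for ev in events:
        outcome, points = classify(ev)
        scores[ev.employee] += points
        outcomes[ev.employee][outcome] += 1
    return dict(scores), {e: dict(o) for e, o in outcomes.items()}


def audit(scores, outcomes, max_violations=1):
    """Employees needing corrective action: negative score or repeated violations."""
    return sorted(
        e for e in scores
        if scores[e] < 0 or outcomes[e].get("violation", 0) > max_violations
    )


def campaign_metrics(events):
    """Campaign-level click and report rates, useful alongside per-employee scores."""
    total = len(events)
    clicked = sum(1 for ev in events if ev.clicked)
    reported = sum(1 for ev in events if ev.reported)
    return {"click_rate": clicked / total, "report_rate": reported / total}


# Constructed results from two simulated campaigns (hypothetical employees).
CONSTRUCTED_EVENTS = [
    PhishEvent("alice", clicked=False, reported=True),
    PhishEvent("alice", clicked=False, reported=True),
    PhishEvent("bob", clicked=True, reported=False),
    PhishEvent("bob", clicked=True, reported=False),
    PhishEvent("carol", clicked=True, reported=True),
    PhishEvent("carol", clicked=False, reported=False),
    PhishEvent("dave", clicked=False, reported=False),
    PhishEvent("dave", clicked=False, reported=True),
    PhishEvent("eve", clicked=True, reported=False),
    PhishEvent("eve", clicked=False, reported=True),
]

if __name__ == "__main__":
    scores, outcomes = score_campaign(CONSTRUCTED_EVENTS)
    for employee in sorted(scores):
        print(f"{employee:6} score={scores[employee]:+d} {outcomes[employee]}")
    print("corrective action:", audit(scores, outcomes))
    print("campaign metrics:", campaign_metrics(CONSTRUCTED_EVENTS))
```

The audit threshold is deliberately separate from the score: an employee whose single click is offset by later good behavior keeps a positive total, which is the "acceptable risk" the post refers to, while a run of violations is caught by the count even before the score goes negative.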



Asmita


Discussion 3


You can get a basic understanding of whether individuals are being held accountable for adherence to security policies by examining policy violations, incidents, and security awareness. These basic measurements are as follows: number of security violations by employees reported; number of incidents that could have been avoided; completion and competency rate for security awareness.

Are there other ways to measure accountability for adherence to security policies? If yes, provide an example. If not, explain your answer.

There are numerous data breaches being reported each week that impact a huge number of individuals, which is why there are security policies in place to prevent security incidents and safeguard confidential information. These policies require constant monitoring to ensure compliance across the organization, which is why it is very important to have a set of metrics that measures the effectiveness of and accountability for adherence to security policies. Having well-developed metrics will help guide future decision making about the effectiveness of the policies: what is working, what's not working, what changes need to be made, etc.

One way to measure accountability for adherence to security policies is by taking attendance at the security awareness training and collecting employee feedback. Measuring the effectiveness of security awareness training is very important when it comes to truly reducing an organization's cyber risk; taking feedback from the employees will allow us to check people's knowledge and comprehension of security. With the help of an anonymous survey or feedback we can also get a good idea about employees' behavior and actions, for example why employees leave their screens unlocked when unattended and whether they know about the risk of leaving unattended monitors unlocked. Getting feedback from the employees also helps us evaluate how satisfied they are with the training strategy: what percentage of employees are satisfied with the training, the accessibility of the training materials, and course completion rates in various departments.
