top of page

Operational Policy

Security policies are a collection of several documents outline the controls, actions, and processes to be performed by an organization. Its development, implementation and execution are essential part of a cybersecurity strategy because Security policies should cover every threat to the system. They should include protecting people, information, and physical assets. Policies should also include rules of behavior such as acceptable use policies. The policies must also set rules for users, define consequences of violations, and minimize risk to the organization. (Johnson, 2015) Everyone must follow policies if they are to be effective. A Security policy implementation needs user acceptance to be successful. The policy implementation must be a series of steps. (Johnson, IT Security Policy Implementations, 2015) The policy implementation must be a series of steps that ensure the policy is put into practice. A proper implementation process educates, creates support, and integrates the policy into the day-to-day operations. The policy must also minimize costs and impact on the business. (Johnson, Simplified Implementation Process, 2015) Executive support is key to security policy enforcement. The executive can send a clear message that there’s zero tolerance for ignoring security policies. The executive must be clear that violations of policies will be taken seriously. (Johnson, Executive Management Sponsorship, 2015) Executive management must set the tone and enforce policy consistently across all lines of business. There must be a consequence for noncompliance. Management must engage in making employees aware of the importance of security policies. There must be escalating levels of disciplines for noncompliance. (Johnson, Best Practices for IT Security Policy Enforcement, 2015)

​

Johnson, R. (2015). Best Practices for IT Security Policy Enforcement. In R. Johnson, Security Policies and Implementation Issues (p. 419). Burlington: Jone & Bartlett Learning.

Johnson, R. (2015). Executive Management Sponsorship. In R. Johnson, Security Policies and Implementation Issues (p. 399). Burlington: Jones & Bartlett Learning.

Johnson, R. (2015). IT Security Policy Implementations. In R. Johnson, Security Policies and Implementation Issues (p. 362). Burlington: Jones & Bartlett Learning.

Johnson, R. (2015). Simplified Implementation Process. In R. Johnson, Security Policies and Implementation Issues (p. 364). Burlington: Jones & Bartlett Learning.

Johnson, R. (2015). What Are Information Systems Security Policies? In R. Johnson, Security Policies and Implementation Issues (p. 15). Burlington: Jones & Bartlett Learning.

​

​

Below is my final project for Health Insurance Company, Inc. (HIC, Inc.) Information Security Policy:

​

​

​

​

(619) 260-4600

©2018 by Ken Yee's University of San Diego Cyber Security Operations & Leadership Capstone Course Portfolio. Proudly created with Wix.com

bottom of page