The Cyber Security Operational Policy course provided immense value to me as a working cyber security professional in a few ways. First, it provided a real-world example of how to create policies for an organization to ensure the organization meets laws and regulations, and at the same time it allowed me to explore a wealth of resources. I choose to specifically call out the implementation challenges section because this is often one of the most common areas I have found challenging when working on policies within information security. Professionally, I had discovered executive buy-in as one of the most critical aspects, and the course reinforced this.
In addition, I'm ethically bound to ensure that policies are fair, supported, and meet corporate goals and objectives while also maintaining a quality information security program. It is unprofessional to create policies sold to executives which are difficult, if not impossible, to enforce and expect employees to be able to, or even want to, follow them. Discovering ways to address these gaps over the years while working was a challenge, which is why seeing this aspect included in the course was beneficial professionally. Having a clearly outlined implementation, compliance, and enforcement section by more seasoned professionals allows me to learn from their experience in areas I may not have dealt with before, and it saves my employer money, which is also a positive, as I don't use as many hours reinventing the wheel.
The final artifact in this section is an example of a privacy policy. I have a personal, professional, and ethical duty to ensure that information security practices are not violating any laws, regulations, or expectations of privacy of my fellow human beings. Human beings do not respond well to being continuously monitored and quickly lose trust when their privacy is violated. This decreases productivity and morale. As an example, Jourard wrote that "Authoritarian personalities, which are lost without external sources of control and guidance, seek out institutions that deprive them of privacy, because with privacy comes the awakening of freedom and its attendant responsibilities to direct one's own life" (Jourard, 1966). To prevent an authoritarian-type environment, organizations can contribute to health and human freedom by creating a privacy policy which is open, fair, and which ensures that employees are protected from false accusations. Privacy policies combined with awareness of these policies ensure that both the organization and employees are safe and productive.
References
- Jourard, S. M. (1966). Some Psychological Aspects of Privacy. Law and Contemporary Problems, 31(2), 307. doi: 10.2307/1190673