Answer

Cybersecurity Policy Design Issues

 In the recent past,  cyber threats have risen dramatically. The Defense Science   Board has documented several breached systems with the Edward Snowden/National Security Agency scandal, perhaps serving as the best example (Schooner & Berteau, 2014). This paper elaborates on policy features needed to protect against the insider threat, access control, and the policy’s features to protect against effects from possible upstream.

When it comes to cybersecurity, most attention goes to internet-based attacks; however, insiders can be of more or equal threat and can do the most damage. Insiders have a more intimate knowledge of the practices, network layouts, staff, and even loopholes in the system. To address this, plug information leaks by screening channels that can be used to flow out sensitive information such as emails, instant messaging, printed copies, or even conversations between mates. With the use of technology such as neural networks and a security policy, this can be achieved (Yuan et al., 2018). To protect against operations security, access to network devices should be restricted using AAA authentication. A “need-to-know” basis should be a rule of thumb regarding sharing and accessing information (Zhang, 2020).  Moreover, employees should only have minimum access to conduct their activities under the principle of least privileged.

Access control guarantees that the users are whom they say they are and have the required access to the company data. For an enterprise seeking to secure its access controls, access controls should not be static and should change based on the risk. Threats should be identified in real-time and access controls automated accordingly (Martin, 2019). Biometric authentication and biometric data can be kept safe by keeping the software and firmware up to date. This will reduce the vulnerabilities of your system.

Upstream and multi-sector poor cybersecurity management policies cascade down to downstream businesses. To avert this, features such as insurance and hardware maintenance plans can be employed (Ursillo & Arnold, 2021). With adequate insurance, damaged infrastructure, and investigation, rebuild and restore costs can be covered in an upstream or multi-sector attack. Periodically maintained hardware such as servers, backups, and switches can be quickly and easily rectified if a cyberattack may lead to failure.

In summary, with today’s world being computerized, new risks emerge every hour. Cyber risk is therefore becoming a focus of governments and organizations globally. New features that offer reliable protection should be included in all organizations’ cybersecurity policies to stay up to date.

.