The how and why of cyber security policy: Create behavioural and technical rules to mitigate risk
Abstract
This paper discusses the importance of a well-written cyber security policy. It examines the risks associated with not having policy or having weak policy, and the three ways policy seeks to address those risks: risk prevention, risk mitigation and result mitigation. It also describes how to create strong policy by identifying the audience and choosing a framework; establishing a process for drafting and publishing the policy; communicating and training on the policy; and finally, monitoring compliance with the policy’s requirements. Creating and maintaining a policy programme that follows this roadmap not only provides the tools for an organisation’s employees to work securely but can protect an organisation from negative financial impact — be that legal, reputational or regulatory.
The full article is available to subscribers to the journal.
Author's Biography
Jael Gray Lewis works for Walmart Inc. as a Risk Expert where she writes and maintains tech and information security policy. Prior to that, Jael worked as a corporate attorney managing consumer debt and real estate. She is licensed to practise law in the state of Arkansas and holds a JD from the University of Arkansas. She and Cara Turbyfill co-led the workshop titled ‘How to Draft Strong Cybersecurity Policy’ at the 2022 Women in CyberSecurity (WiCyS) Conference in Cleveland, Ohio.
Cara E. Turbyfill works for Walmart Inc. as a Senior Manager where she writes and maintains privacy and data governance policy. Prior to that, she designed and reviewed compliance, financial and supplier due diligence workflows to mitigate anti-corruption/anti-bribery risk at Walmart, during which time she worked in seven of Walmart’s international markets. Cara holds a JD from the University of Arkansas. She and Jael Lewis co-led the workshop titled ‘How to Draft Strong Cybersecurity Policy’ at the 2022 Women in CyberSecurity (WiCyS) Conference in Cleveland, Ohio. Cara has also spoken about third-party risk at ProcureCon in Phoenix, AZ.