Please see attachment for instructions
Discussion
In 250 words total, answer the questions below with 4 evidence base scholarly articles. APA format.
1. Discuss some of the common issues with implementation of security policy.
2. What are some possible mitigations to ensure policy can be enforced.
Replies
In 400 words total, replying to the two posts below. Each reply must be 200 words for post 1 and post 2.
E.A POST 1
Hello class, hope we all had a great weekend? Below is my initial submission.
The implementation of information security policies is hampered considerably by an employee’s lack of understanding or interest. Most of them do not read the policies, or they do read them, but fail to comprehend how these policies relate to their daily activities. (Peltier, 2013) argues that the effectiveness of a policy is directly influenced by how well it is disseminated and sustained through training. Even the most well-crafted policies start failing without user awareness.
The other challenge involves policies that are overly verbose or contain complicated language. Policies that are too complicated to read are unlikely to be followed. (Peltier, 2013) emphasizes tailoring content for various groups, like staff, managers, and IT to improve understanding and compliance. Making policies easier to understand improves the likelihood of adoption compliance.
Policy enforcement is also a weak point. Policies often lack apparent enforcement mechanisms such as audits, and no one is verifying compliance. (Peltier, 2013) advocates for the incorporation of technical policy enforcement mechanisms, as well as audit logs, monitoring tools, and policy accountability controls. Policies also need support from organization leadership for legitimacy.
Lastly, many organizations do not routinely review and revise their policies. Policies need to be reviewed and updated at appropriate intervals because both threats and technology evolve over time. An organized review process, especially following audits or if an incident were to occur, will help to keep security practices current (Peltier, 2013). Therefore, policies that are easy to understand, enforceable, and updated regularly can contribute to compliance and reduce risk.
Reference
Peltier, T. R. (2013). Information security fundamentals (2nd ed.). Auerbach Publications.
A.M POST 2
Putting security policies into action is crucial for keeping an organization’s data and systems safe, but it’s not always smooth sailing. A big problem is that employees often don’t follow rules, either because they don’t get why they matter or find them a hassle—like using weak passwords or sharing sensitive info. Regular training and explaining why these policies are important can help build a security-focused mindset. Another issue is spotty enforcement, often because no one’s clear on who’s responsible or there aren’t enough tools to track compliance. Setting clear roles and using automated monitoring can fix this. Smaller organizations especially struggle with limited budgets or know-how. They can lean on affordable cloud security tools or hire outside experts to bridge the gap. Overly complicated policies also cause trouble, confusing everyone and leading to mistakes. Keeping policies simple yet strong, maybe by following standards like NIST, can make things clearer. People often push back against new rules, too. Getting everyone on board early and showing how these changes lower risks can smooth things over. Lastly, policies need to keep up with new threats, so they should be reviewed and updated regularly using the latest threat info. By tackling these challenges with practical solutions, organizations can make sure their security policies actually work without being a burden.
