 The how and why of cyber security policy: Create behavioural and technical rules to mitigate riskJael Lewis and
Cara E. Turbyfill
Cyber Security: A Peer-Reviewed Journal, 2022, vol. 6, issue 2, 132-140 Abstract: This paper discusses the importance of a well-written cyber security policy. It examines the risks associated with not having policy or having weak policy, and the three ways policy seeks to address those risks: risk prevention, risk mitigation and result mitigation. It also describes how to create strong policy by identifying the audience and choosing a framework; establishing a process for drafting and publishing the policy; communicating and training on the policy; and finally, monitoring compliance with the policy’s requirements. Creating and maintaining a policy programme that follows this roadmap not only provides the tools for an organisation’s employees to work securely but can protect an organisation from negative financial impact — be that legal, reputational or regulatory. Keywords: policy; technical writing; governance; cyber security; information security; risk mitigation (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:aza:csj000:y:2022:v:6:i:2:p:132-140 Access Statistics for this article More articles in Cyber Security: A Peer-Reviewed Journal from Henry Stewart Publications |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.