Question 1: What is the difference between policy and standards?
A policy and a standard differ in purpose and in the level at which they direct action. A policy is the higher-level document: it identifies that an issue exists, states management's position on it and defines the scope of what is covered (Easttom & Taylor, 2011). It also establishes the obligation of individuals to comply with the applicable legal and regulatory requirements. A standard, by contrast, sets the specific, measurable level of quality or the particular control measures that must be implemented to satisfy the policy (Easttom & Taylor, 2011).
Question 2: Why are guidelines and recommendations optional while policies and standards are mandatory?
Guidelines and recommendations are optional because they propose one of several acceptable ways of acting that an organization or an individual may follow in a given situation (Whitman & Mattord, 2011). Policies and standards carry greater authority: they identify the issue, state what must be done about it and establish the obligation to comply, including compliance with the law on the matters they address.
Question 3: Why are policies developed at a high level in the organization?
Policies are developed at a high level in the organization for several reasons. First, senior management can judge whether a policy is needed by measuring it against the company's needs, vision, values and mission (Bolles & Hubbard, 2007). Second, that level of the organization holds the authority needed to approve, issue and enforce new policies, so a policy developed there is binding across the organization.
Question 4: Why is consistent enforcement critical for cyber policies, standards, and procedures?
Consistent enforcement of policies, standards and procedures is critical in the cyber context for two reasons. First, a policy that is applied unevenly loses its authority; staff cannot be held to a rule that is ignored in some cases and enforced in others. Second, cyber law is a relatively new field, and its current standards do not cover all of the issues that arise (Kubota, 2007). Technology also changes continuously, which makes it necessary to introduce new policies and revise existing ones on a regular basis, and each revision must then be enforced as consistently as the rule it replaces (Kubota, 2007).
Question 5: What is business continuity management?
Business continuity management (BCM) is a management discipline that continuously assesses the risks an organization faces and evaluates how the organization would respond to those threats (Hiles, 2010). Its aim is to build stability and resilience into the firm so that operations can continue through a disruption and the stakeholders' return on investment is protected.
Question 6: What is the impact of incomplete or missing information on a security policy?
Incomplete or missing information in a security policy harms both the operation of the organization and its security. Where the policy fails to address a particular issue, staff are left to decide for themselves, which leads to wrong decisions and uncertainty about which actions are permitted; that ambiguity can in turn allow theft and data leakage to occur (Whitman & Mattord, 2011).
Question 7: What is management’s role in cyber policy development and enforcement?
Management's role in cyber policy development and enforcement cannot be underestimated, because it has the decisive influence on whether a standard, procedure or policy is introduced at all (Bolles & Hubbard, 2007). Management defines the flow of business processes and identifies the issues that must be addressed to improve the company's functioning and profitability. It also holds the authority to direct the decision-making process and to enforce the policies once they are adopted.
Question 8: How is risk management improved, and residual risk decreased through sound cyber policies?
Sound cyber policies improve risk management because they are tied to business continuity management and reduce the risks associated with theft and leakage of confidential information. Residual risk, the risk that remains after the controls required by the policies are in place, is reduced but never eliminated: the constant development of technology and the gaps it opens in information security mean that the probability of data theft must be reassessed regularly and the policies updated accordingly.
References
Bolles, D., & Hubbard, D. (2007). The power of enterprise wide project management. New York, NY: AMACOM.
Easttom, C., & Taylor, J. (2011). Computer crime, investigation, and the law. Boston, MA: Cengage Learning.
Hiles, A. (2010). The definitive handbook of business continuity management. Hoboken, NJ: John Wiley & Sons.
Kubota, T. (2007). Cyberlaw for global e-business: Finance, payments, and dispute resolution. Hershey, PA: Information Science Reference.
Whitman, M., & Mattord, H. (2011). Readings & cases in information security: Law & ethics. Boston, MA: Cengage Learning.