Difference between revisions of "User:Shawndouglas/sandbox/sublevel3"

From LIMSWiki
Line 1: Line 1:
You've also managed to identify what regulations affect your organization's operations, as well as who would be most affected by cybersecurity incidents. This and other areas are where you turn to identify your external stakeholders. While the identities of internal stakeholders are fairly easy to discern, determining external stakeholders can be a bit more challenging, and it will vary slightly depending on the nature of your business. A forensic science laboratory, for example, will have to consider the likes of federal agencies as stakeholders for reporting and accountability of sensitive data, whereas a public library addressing cybersecurity would have quite different external stakeholders. Be sure to look beyond government to software and equipment vendors, customers, and investors.
After identifying the "who," it's time to address the "how." Internal leadership is going to most strongly affect the cybersecurity plan and the organization's cybersecurity goals, and as such, you can readily define their impact. Regulatory bodies also represent clear stakeholder involvement in how policy is shaped, e.g., U.S. businesses handling PHI will need to conform to HIPAA data privacy regulations. How other stakeholders influence the plan and goals may be more difficult due to actual role (the typical employee arguably has only so much control over security) or internal politics (how leadership views investors' role in shaping cybersecurity policy). It may help to organize all stakeholders by their relationship to the cybersecurity effort (primary, secondary, key, etc.) while considering how those stakeholders will inevitably shape policy. The University of Kansas' ''Community Tool Box'' Chapter 7, Section 8 may be helpful for better identifying stakeholders and their interests.<ref name="RabinowitzIdent19">{{cite book |url=https://ctb.ku.edu/en/table-of-contents/participation/encouraging-involvement/identify-stakeholders/main |chapter=Chapter 7, Section 8. Identifying and Analyzing Stakeholders and Their Interests |title=Community Tool Box |author=Rabinowitz, P. |publisher=University of Kansas |date=2019 |accessdate=23 July 2020}}</ref>
 
==References==
{{Reflist|colwidth=30em}}

Revision as of 16:39, 16 February 2022

After identifying the "who," it's time to address the "how." Internal leadership is going to most strongly affect the cybersecurity plan and the organization's cybersecurity goals, and as such, you can readily define their impact. Regulatory bodies also represent clear stakeholder involvement in how policy is shaped, e.g., U.S. businesses handling PHI will need to conform to HIPAA data privacy regulations. How other stakeholders influence the plan and goals may be more difficult due to actual role (the typical employee arguably has only so much control over security) or internal politics (how leadership views investors' role in shaping cybersecurity policy). It may help to organize all stakeholders by their relationship to the cybersecurity effort (primary, secondary, key, etc.) while considering how those stakeholders will inevitably shape policy. The University of Kansas' Community Tool Box Chapter 7, Section 8 may be helpful for better identifying stakeholders and their interests.[1]

References