Difference between revisions of "User:Shawndouglas/sandbox/sublevel3"

From LIMSWiki
Jump to navigationJump to search
Line 1: Line 1:
After identifying the "who," it's time to address the "how." Internal leadership is going to most strongly affect the cybersecurity plan and the organization's cybersecurity goals, and as such, you can readily define their impact. Regulatory bodies also represent clear stakeholder involvement in how policy is shaped, e.g., U.S. businesses handling PHI will need to conform to HIPAA data privacy regulations. How other stakeholders influence the plan and goals may be more difficult due to actual role (the typical employee arguably has only so much control over security) or internal politics (how leadership views investors' role in shaping cybersecurity policy). It may help to organize all stakeholders by their relationship to the cybersecurity effort (primary, secondary, key, etc.) while considering how those stakeholders will inevitably shape policy. The University of Kansas' ''Community Tool Box'' Chapter 7, Section 8 may be helpful for better identifying stakeholders and their interests.<ref name="RabinowitzIdent19">{{cite book |url=https://ctb.ku.edu/en/table-of-contents/participation/encouraging-involvement/identify-stakeholders/main |chapter=Chapter 7, Section 8. Identifying and Analyzing Stakeholders and Their Interests |title=Community Tool Box |author=Rabinowitz, P. |publisher=University of Kansas |date=2019 |accessdate=23 July 2020}}</ref>
[[File:Stakeholder for Software projects.png|right|280px]]At this point, you've probably already touched upon who's most interested or concerned about how cybersecurity is implemented within your organization. The first two steps of the plan call for defining cybersecurity goals, success, scope, and responsibilities. By extension, internal leadership with a significant stake in cybersecurity success has thus been identified. Additionally, the employees of an organization play an important role in developing or applying policies and procedures that come from your cybersecurity plan. You may have identified even more internal interests in seeing the plan succeed as well. Be sure at this point those stakeholders have been clearly identified. Also ensure their roles and responsibilities are clearly outlined and disseminated to the appropriate people, which further facilitates improved internal processes, communication, accountability, and preparedness.<ref name="NARUCCyber18">{{cite web |url=https://pubs.naruc.org/pub/8C1D5CDD-A2C8-DA11-6DF8-FCC89B5A3204 |format=PDF |title=Cybersecurity Strategy Development Guide |author=Cadmus Group, LLC |publisher=National Association of Regulatory Utility Commissioners |date=30 October 2018 |accessdate=23 July 2020}}</ref><ref name="LebanidzeGuide11">{{cite web |url=https://www.cooperative.com/programs-services/bts/documents/guide-cybersecurity-mitigation-plan.pdf |format=PDF |title=Guide to Developing a Cyber Security and Risk Mitigation Plan |author=Lebanidze, E. |publisher=National Rural Electric Cooperative Association, Cooperative Research Network |date=2011 |accessdate=23 July 2020}}</ref>


==References==
==References==
{{Reflist}}
{{Reflist|colwidth=30em}}

Revision as of 16:41, 16 February 2022

Stakeholder for Software projects.png

At this point, you've probably already touched upon who's most interested or concerned about how cybersecurity is implemented within your organization. The first two steps of the plan call for defining cybersecurity goals, success, scope, and responsibilities. By extension, internal leadership with a significant stake in cybersecurity success has thus been identified. Additionally, the employees of an organization play an important role in developing or applying policies and procedures that come from your cybersecurity plan. You may have identified even more internal interests in seeing the plan succeed as well. Be sure at this point those stakeholders have been clearly identified. Also ensure their roles and responsibilities are clearly outlined and disseminated to the appropriate people, which further facilitates improved internal processes, communication, accountability, and preparedness.[1][2]

References

  1. Cadmus Group, LLC (30 October 2018). "Cybersecurity Strategy Development Guide" (PDF). National Association of Regulatory Utility Commissioners. https://pubs.naruc.org/pub/8C1D5CDD-A2C8-DA11-6DF8-FCC89B5A3204. Retrieved 23 July 2020. 
  2. Lebanidze, E. (2011). "Guide to Developing a Cyber Security and Risk Mitigation Plan" (PDF). National Rural Electric Cooperative Association, Cooperative Research Network. https://www.cooperative.com/programs-services/bts/documents/guide-cybersecurity-mitigation-plan.pdf. Retrieved 23 July 2020.