Cybersecurity Policies: Essential for Business Continuity in the US

IT security policies are an integral element in ensuring the continuity of businesses in a state, minimizing the impacts of insecurity incidents, and, generally, reducing the operational damages caused by the insecurities. Cyber threats, for instance, is a significant concern for many states in the USA. Thus, cybersecurity policies are a vital measure that has been adopted by a majority of the states. Before September 11, 2001, terrorist attack in the USA, cybersecurity was not a priority measure for a majority of the states. However, after the September 11 attack, cybersecurity became the most prioritized security measure in almost all of the states in the USA. Having a comprehensive and extensive source and storage of information and data regarding all cyber threats that face every state officials and citizens, in general, is a necessity in every governor's office in all the states whose intentions are to curb and eliminate cybersecurity crimes. IT security policies are a necessity in all states, whether poor, wealthy, large, or small. Cybercriminals do not target specific states for their wealth or poverty; rather, they take advantage of the loopholes in the IT security systems of any state. This paper aims to compare and contrast the IT security policies of Alabama and Indiana state governments.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

One of the most significant similarities between the IT policies in the state of Alabama and Indiana is that both policies have been developed to establish a common point of reference on all matters regarding cybersecurity for all the employees of the state and the state citizens. Primarily, the goal of the IT security policy in the state of Alabama is to ensure that the state has an adequate and sufficient security system that can timely respond to cybersecurity incidents to protect the state's data and IT system, thereby preventing the state from experiencing any disruptions in service delivery (State of Alabama Information Technology Policy, 2011). Similarly, the primary goal of the state of Indiana is to ensure the establishment of an appropriate security policy that would provide guidelines on matters regarding cybersecurity threats and crimes (Lohrmann, 2015).

Another similarity is that cybersecurity experts have developed the IT security policies for both Alabama and Indiana states with a wide range of knowledge in computer science, and information technology. The development of the IT security policies by professionals in both states is strategic in ensuring that the developed policies can adequately enable the states to protect their resources.

The IT security policies in Alabama and Indiana are also similar in that the critical personnel in both states are expected to comprehend all the components that are categorized as cybersecurity incidents and to understand the procedures for reporting such incidents. In the state of Indiana, the Chief Information Officer is mandated to ensure that all understand all the IT security policies and that the policies are implemented fully without favor or fear from any person (Lohrmann, 2015). Similarly, in the Alabama state, the users of the IT security gadgets are expected to have a deeper understanding of all the constituents of the policies and the procedures involved in reporting cybersecurity crimes (State of Alabama Information Technology Policy, 2011).

In both IT security policies, citizens in both states are required to timely report any suspected threats to cybersecurity to the relevant authorities. In the Indiana state, the IT security policy requires that citizens remain vigilant and keen at all times on any suspected incidents that may pose a risk to the state's cybersecurity (Lohrmann, 2015). The call to remain vigilant is also evident in Alabama's IT security policy, where citizens are asked to remain vigilant at all times and report any incidents of cybercrime to the relevant authorities in time (State of Alabama Information Technology Policy, 2011).

A unique feature for Indiana's IT security policy is that the policy allows for some exceptions. Because the IT security policy in Indiana requires the chief information security officer to help in the implementation of the policy, the requests for policy exceptions are made through the officer, who would then approve or disapprove the waivers and exemptions (Lohrmann, 2015). In contrast, the IT security policy in the state of Alabama does not provide for such exceptions.

Indiana's state IT security policy has fewer subheadings and appears to be less detailed, but contrary to the expectations, Indiana's policy is more precise and explains all the security laws and policies in details unlike Alabama's IT security policy which appears to have more subheadings and gives the perception of more information which to the contrast is less detailed compared to Indiana's policy.

The IT security policies in Alabama and Indiana also differ in their response procedures towards cybersecurity incidents. In the state of Alabama, the cybersecurity incidents are reported to security experts who work independently. Thus, the policies and regulations by the office of the governor do not have any interference with the work of the security experts (State of Alabama Information Technology Policy, 2011). In the state of Indiana, the cybersecurity experts work hand in hand with the office of the governor. Thus, they are subject to policies and regulations made by the governor's office.

Another significant difference between the IT security policies of the two states is that It policy of the state of Indiana indicates all the procedures involved during cybercrime incident procedures. In contrast, the IT policy of Alabama does not highlight the incident response procedures related to cybercrimes.

The IT security policy of the state of Indiana is more detailed and includes all the procedures involved in incident responses. Therefore, in my opinion, Indiana's policy is better than Alabama's policy, which is less detailed and leaves out the procedures involved in incident responses. The state of Indiana's policy illustrates the great concern and dedication of the state to curb issues related to cyber insecurity. In contrast, that of the IT security policy of Alabama needs to be revised and enhanced to ensure that cybercrimes are handled sufficiently and timely.

Some of the best practices recommendations for the improvement of IT security policies in both states include providing new and continuing security education to the users of the IT devices in the states, frequent updating the software and systems of the devices being used in the states, conducting routine checks on the internal cybersecurity threats that could be posed by those already working in the state, integrating industry-recognized security standards and performing regular data backup for all the state's data to ensure that no critical information is lost to cybercriminals.

The IT security policies for Indiana and Alabama indicate the increased threat to cybersecurity in both states, which also extends to other states in the USA. In both states, cybercrime experts play a critical role in ensuring that all threats to cybersecurity are neutralized in time. This paper highlights some of the most significant similarities and differences between the IT policies of the two states and gives recommendations on the best practices that can be adopted to enhance the policies in both states. Ultimately, this paper notes that an IT security policy that is more detailed and indicates all the procedures involved in incident reporting is more preferred.

References

Lohrmann, D. (2015). Indiana to Launch New IN-ISAC and Enhance Cyberdefense Programs. Retrieved from https://www.in.gov/cybersecurity/in-isac/Office of the Information Technology Cybersecurity Alabama (2020). Retrieved from https://cybersecurity.alabama.gov/about/State of Alabama Information Technology Policy (2011). Retrieved from https://oit.alabama.gov/wp-content/uploads/sites/14/2017/09/Policy_621_Network_System_Access.pdf