Public Sector Case Study


An information security policy is critical in any organization because it states the objectives and strategy that management has put in place to secure data. An organizational policy document should have clearly defined security objectives and a strategy agreed upon by the administration. Furthermore, the implementation strategy should be spelled out to avoid defective and dysfunctional information security policies. The three issues to address are:

  1. Training organizational members in cybersecurity and in how to handle information, which helps enlighten members so they avoid a future breach
  2. Formulating a comprehensive information security policy that outlines protocols for handling information
  3. Hiring organizational information security experts to take care of data.

An organization should manage information security violations through a comprehensive security policy. Many times, breaches are committed by employees, either deliberately or accidentally, even though they understand the repercussions and disciplinary actions spelled out in the information policy. Despite thorough training of employees on handling data according to established protocols and procedures, they engage in the activity for selfish gain even though they know their actions put the organization at extreme risk. Employees may not feel the impact of a breach if they know they won't be held personally liable. Sometimes policies are adjusted in particular situations, but the specific circumstance should be verified, transparent and documented. This public sector case study depicts how an information security policy determines the success or failure of a business. The system ensures continuity measures are in place so that critical functions keep operating when an incident has occurred. Transparency in handling violations helps to instill fairness and assure employees of justice, which avoids unnecessary resistance.

Technology is evolving rapidly, and so is cybercrime. In the case study, the organization will address the following cybersecurity issues to protect sensitive organizational data from leaking to the public sector.

Different organizations have various policies, but these are similar enough to be applied across many organizations. Below are some of the information security policies that a company can implement to prevent violations.

  1. Form a company information security leadership council that involves top management and senior officers, the team mandated with making critical data security decisions and providing security oversight on information matters.
  2. Appoint a designated security officer who fast-tracks and reports information security issues to the Security Council.
  3. Formulate an official document that outlines the major approval procedure for situations in which deviations are necessary, establishing the protocols required for an information security deviation. Generally, the process should be transparent, collective, documented and open.
  4. The human resources department should define disciplinary measures for employees who violate the information security policy without permission from information security leadership.

There are many information security threats in the contemporary world. Some examples of risks today involve software attacks, identity theft, intellectual property, sabotage, and extortion. Identity theft has been on the rise as people use others' personal identity information to access vital information. Sabotage involves deliberately damaging the company's website to cause either losses for the company or loss of confidence among clients. Software attacks introduce malicious programs into the company system in the form of worms, viruses, phishing, Trojan horses, etc. Furthermore, data breaches have become more prevalent because more devices are mobile today.


