reply to the post below just half page cmit

by

Information security plans and policies are vital to a business and its operations. They are used to raise awareness of known or possible issues or vulnerabilities and provide managers and employees the necessary information to reduce or avoid the threats through thoroughly laid out do’s and don’ts for each to follow. Unfortunately, these plans and policies are only effective when they are communicated to managers and employees outlining the nature of each policy and why it exists or informing of any updates or changes made to existing policies. The best way for companies to ensure this is through the implementation of an effective communication strategy. A communication strategy (in the case of RCR) is a strategic and effective method of communicating polices, plans, or changes/updates to current policies or plans in the form of documents or presentations to managers and employees through one of several different distribution methods such as:

  • Distribution of printed copies
  • Email distribution
  • Web links to an internal website or company forums
  • Face-to-face briefing (with or without Question & Answer session)
  • Company Newsletter
  • Manager/Employee Handbooks
  • Company Noticeboard
  • Training sessions
  • Skype, Facetime, or Webinar briefings

The Five Best Communication Strategies and Why

Even though there are several communication strategies which can be employed, here are the top five best options for RCR to use. These are to be used once a thoroughly written policy, plan, or update document/presentation has been completed. The importance of making it clear why the policy is necessary and giving a brief but informative summary of what it holds cannot be understated.

  1. Email Distribution – Email distribution is an effective way to keep managers and employees informed of important information, meetings, events, etc. Through the attachment of read receipts, recipients who have read the emails can be tracked. Through distribution lists, it is easy to separate departments and reach multiple recipients in one easy mailing.
  2. Face-to-face briefings/training sessions – These are each organized meetings or sessions where one briefer or trainer communicates information to multiple personal. As long as the briefings do not become too complicated or time consuming, this is an effective way to communicate information to managers and employees while often providing the opportunity for questions or feedback. By having attendees sign into the briefing or session, tracking of who has received the updates is easy to do.
  3. Skype, Facetime, or Webinar briefings – Skype, Facetime, and Webinars are electronic communication methods used for one to one or conferences. By using this method, attendees can receive an emailed version of the briefing outline and attend while at their desks at their computers. These forms are normally live, but they can also be made into versions which can be watched at the manger or employees convenient via a link or company website. Each method is effect, but the live versions can allow for questions and feedback.
  4. Distribution of printed copies via Company Newsletter or Members Handbook – This is a tried and true form of distribution all be it in a form which works towards conservation. Printed copies can be added to a Company Newsletter (which could also be electronic) to be distributed to managers/employees or posted on Company Noticeboards. The printed copies can also be placed in manager/employee handbooks for review. Manager/Employee Handbooks should contain any important information directly relating to their jobs or the performance of their jobs.
  5. Company Noticeboards – Company noticeboards are an effective way to distribute information to managers and employees. This consists of posting a document which clearly and concisely conveys the information being passed along. This method is only effective if the boards are read and if information is clear, readable, and easy to understand. Noticeboards can be placed in as many locations as necessary but are generally in high traffic or congregating areas of the workplace.

Examples of Policies Which Need to be Communicated to the Workforce

Although an effective information security program can be made up of a number of different policies, there are a few which are extremely important to managers and employees. Some examples are:

  1. Acceptable Use Policy for Information Technology – This policy provides rules and guidelines for managers and employees as to what can and cannot be done on or with company IT property such as computers, networks, etc. IT is vital employees review and understand this policy to be able to effectively use company technology in the course of performing their jobs. The receipt of updates is equally important in order to continue to meet policy objectives.
  2. Bring Your Own Device Policy – This policy establishes guidance for the use of personal electronic devices at work and on the company network. It outlines what steps must be taken and security measures met to be allowed access as well as what is and is not allowed in regard to its use. Having a BYOD policy can be of a great benefit to the company, but managers and employees must have a clear understanding of it along with any updates that occur over time.
  3. Data Breach Response Policy – The data breach response policy can make or break a company these days. Not only does the policy need to be comprehensive and effective, but it must be easy for managers and employees to understand and follow. The policy will “outline response measures should a data breach take place which will attempt to mitigate further damage, retrieve lost or stolen information, investigate the cause, and notify those affected” (Skyberg, T., 2020, pg. 3). This policy is critical to a company and they must ensure all updates make it to managers and employees to enable all up to date steps to be taken should a break occur.

Summary and Conclusion

The above briefing has described the communication strategies and why

they are vital to companies. Five communication methods were outlined

(Email distribution, Face-to-face briefings/training sessions, Skype,

Facetime, or Webinar briefings, Distribution of printed copies via

Company Newsletter or Members Handbook, and Company Noticeboards) as

well as why they are important. Finally, three examples of policies

which would be important for managers and employees to be aware of,

understand, and be kept updated on. As stated in the introduction,

information security policies and plans are critical to the success and

security of a company, but an effective communication strategy will make

or break managers and employees awareness and comprehension of them.