
COMMUNICATION PLAN

Introduction

A communication plan is an essential component of the overall data security strategy of every
organization. To safeguard and protect the data and network of an enterprise, the security
communication plan serves an important function. Organizations need a good security communication
plan for many reasons. One of the reasons is that the security communication plan assists staff in
interacting and defining the roles of each team member in executing the communication plan.
This initiative primarily aims to ensure that all stakeholders can interact properly on system
security in the organization and to enable stakeholders to contribute to the security
communication process. Having a security communication plan helps coordinate access to the
organization system among all the stakeholders. As part of the communication plan, it is
essential to define the messaging strategy and the security culture.

Messaging Strategy

Messaging strategy as part of the communication plan helps to define the security impact that the
communication plan will address. The impact of a data breach on an organization can be in the
form of the cost impact on the organization's finances, the effect on the company's reputation, the
effect on relationships with third-party organizations and partners, the data protection law breached
in the process, etc. Understanding these impacts helps to design a messaging strategy that
communicates a security plan to the stakeholders. Knowing the effect of a data breach, or how
significantly it can affect an organization's operations, will help compliance with data security
policies in the organization (Al-Shomrani, Fathy & Jambi, 2017). The effectiveness of the
security awareness campaign of the company would rely on the communication strategy used
and its efficacy. The management must regularly review the mechanisms used in communication
and communicate to their workers every possible data breach incident and the possible steps
taken (Zhe et al., 2017). To improve security awareness in an organization, the following are
successful strategies to be implemented.

Start from top management: creating awareness in the organization must include the top-level
management. Management is important to the success of an IT policy, as their support in terms of
resources and enforcement is essential. Besides, making top-level managers aware of the overall
security strategy helps managers to have a detailed knowledge of what activities are performed
with the company IT infrastructure and for what purposes the IT infrastructure is used. It is also
essential for management to have knowledge about access to sensitive company data and how
they can contribute to enforcing compliance in the organization (Han, Kim & Kim, 2017).

Collaboration and synergy: Collaboration and synergy are essential in ensuring security is
achieved throughout the organization. Collaboration between various departments on how to
achieve maximum data security through information sharing and alliance will be of
significant help to an organization. Management must allow the IT departments to collaborate
with other departments such as the human resources department (Alqahtani, 2017). The aim of the
collaboration with the human resources department is to create a training program that can be
used in the organization. However, the training program should be fun and enjoyable for those
involved in this training. The concept is for the IT protection staff to plan and exchange the
related details with the other departments, and to combine them in a kit suited for future training
in the organization. Besides, the content of the training must be reviewed by people from different
departments to ensure the training applies to the whole business (O'Loughlin et al., 2019). Before
implementing the final training program, the IT manager must evaluate all input given and apply
the appropriate suggestions.

Simplifying communication: an essential way to make the communication process efficient is
to devise a simple means of communicating with the employees regularly. Sending email
newsletters to keep workers up to date is a successful security technique. It is also essential to
implement security cameras that monitor activities within the organization. Monitoring activities
will help speedy detection of malicious acts in the organization (Han, Kim & Kim, 2017).

Transparency: it is essential to be transparent in creating and implementing security plans in the
organization. Managers of MUSA must be transparent to employees by informing the employees
of any changes to security policy in the organization. Reading documents can, however, be
boring. Thus, the policy document must be made easy and straightforward to understand
(Alshare, Lane & Lane, 2018). Any phrases or sentences that may imply hiding information must
be avoided in the policy document. Besides, members of MUSA must sign the policy document
to show their agreement to the security policy, thus making them liable for any form of
noncompliance.

Security Culture

To have a security culture in the organization, regular training is essential. The company must
have routine non-technical training sessions to make employees prepared and security conscious.
Having regular data security training also educates workers on emerging security risks and shows
them tactics and procedures for avoiding those risks. By holding a joint training session on
the likelihood of attacks throughout the whole organization, data security becomes a collective
undertaking by all members (Ukidve, Smantha & Tadvalka, 2017).

MUSA would have to adopt the following plan to foster the desire of all stakeholders for a
stronger security culture:

1. Data security in MUSA must be implemented from top to bottom. Management must not only
provide funding for implementing data security but also be interested in contributing to data
security through their actions and activities in the organization. It is essential for management to
also lead by example by complying with data security policy.

2. The security policy needs to be clearly explained and documented by MUSA. Managers and
employees must have the details of the security policy, have detailed knowledge of what to do
and what to avoid to ensure maximum security in the organization. Members of MUSA must
have the policy documents indicating a specified AUP policy to serve as a reminder when
utilizing corporate IT infrastructure.

3. MUSA should improve its safety training, to the advantage of its staff, interns, and executives,
in an enticing and entertaining way. The teaching material to be used for training must be designed
in a simple way that is easy for learners to understand and apply. The training should be carried out
in small and medium-sized classes every three months and should incorporate innovative
training approaches to increase employee participation.

4. The IT team of MUSA is responsible for safeguarding and protecting the company system and
network. Thus, it is their responsibility to ensure that employees use complex passwords, that
company systems and software are updated frequently, that two-factor authentication is used, and
that access policies are tested and implemented.

References

Alqahtani, F. H. (2017). Developing an information security policy: A case study
approach. Procedia Computer Science, 124, 691-697.

Alshare, K. A., Lane, P. L., & Lane, M. R. (2018). Information security policy compliance: a
higher education case study. Information & Computer Security.

Al-Shomrani, A., Fathy, F., & Jambi, K. (2017, March). Policy enforcement for big data
security. In 2017 2nd International Conference on Anti-Cyber Crimes (ICACC) (pp. 70-74).
IEEE.

Han, J., Kim, Y. J., & Kim, H. (2017). An integrative model of information security policy
compliance with psychological contract: Examining a bilateral perspective. Computers &
Security, 66, 52-65.

O'Loughlin, K., Neary, M., Adkins, E. C., & Schueller, S. M. (2019). Reviewing the data
security and privacy policies of mobile apps for depression. Internet Interventions, 15,
110-115.

Ukidve, A., Smantha, D., & Tadvalka, M. (2017). Analysis of payment card industry data
security standard [PCI DSS] compliance by confluence of COBIT 5
framework. International Journal of Engineering Research and Applications, 7(01), 42-48.

Zhe, D., Qinghong, W., Naizheng, S., & Yuhan, Z. (2017, May). Study on data security policy
based on cloud storage. In 2017 IEEE 3rd International Conference on Big Data Security on
Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart
Computing (HPSC), and IEEE International Conference on Intelligent Data and Security
(IDS) (pp. 145-149). IEEE.
