Adobe’s Cyber Security Policy

Adobe’s Cyber Security Policy

1. Analyze the strategy used to protect the large organization you researched from hackers, fraud, and theft.

I focused on Adobe, which applies hundreds of security operations and controls to protect the millions of users distributed across its numerous applications against theft, fraud, or hacking. The organization automates information providing better information that enables the systems to detect issues faster, make informed decisions, besides increasing the rate of innovations in the company.

The company prioritizes the security of its client’s digital experiences. It continues to invest heavily in human resources, artificial intelligence systems, and machine learning to reduce the risks of cybersecurity attacks. Additionally, the firm applies cybersecurity policies that are per the expected guidelines, certifications, and laws, which ensures that their security controls are consistent across the platforms (Limba, Plėta, Agafonov, et al. 2019). The processes outlined in the policies enable the development team to reinforce the security of their products and services.

The software protects the information at the document level, meaning that it safeguards sensitive information regardless of where it goes. The company also designs its operations to ensure optimum security, and employees also undergo training programs to update them on possible challenges they are likely to encounter in their firm and the industry, as well as their counter-attacks (Bayuk, Healey, Rohmeyer, et al. 2012). Adobe considers cybersecurity a community effort, which is why it works with various partners in the industry to create awareness regarding cybersecurity and the maintenance of the best practices.

B: Describe how your researched large organization uses “policy as a project” in its program.

The implementation of policy as a project refers to integrating security systems with the organization’s goals and objectives. Adobe initiates the process by defining the tasks, plans appropriately, and sets precise goals and objectives within a specified time frame (Bayuk, Healey, Rohmeyer, et al. 2012). The organization outlines the possible risks based on past encounters and current trends in the industry. Adobe uses this approach to assess the effectiveness of the policy against potential threats.

Moreover, it creates awareness among stakeholders on the significance of the policy. It also ensures that the system focuses primarily on reducing the cybersecurity risk within the organization and that it is not based on effective security practices in the industry (Srinivas, Das, & Kumar, 2019). The organization establishes cybersecurity policies as part of the security scheme. Adobe then aligns its plans with the firm’s strategies to predict its success rates and set viable goals.

Adobe documents the desired outcomes clearly and lays out programs to educate its employees on the most effective approach to achieving them. The organization then comes up with methods of motivating its employees to increase its productivity and boost sales. The management then monitors the operations to ensure that all parties are working towards attaining similar goals.

The management also ensures that all the policies coincide with the outlined strategies. If the management identifies breaches in policy compliance, they implement the necessary changes (Bayuk, Healey, Rohmeyer, et al. 2012). If the employees experience too much strain in policy compliance, they record the details in a management feedback loop. Adobe uses the Adobe Secure Product Lifecycle, which comprises various developmental and operational operations that maintain the software’s security posture.

Once the organization dispatches the software in the market, it collects the information, processes, transmits, and stores it in Adobe services. The data is classified based on the Adobe Data Classification and Handling process. The information is then protected depending on its categorization and handling necessities, which ensure the proper application of security controls. Consequently, Adobe achieves the maximum potential of its security policies, giving it a competitive advantage.

1. Analyze the far-reaching consequences of not having a policy for cybersecurity. Justify your thoughts with real-world examples.

It is important to note that cybersecurity policies play an essential role in an organization since it prevents data breaches and cyber-attacks, which may cause a substantial loss (Jenab & Moslehpour, 2016). In this view, cybersecurity consultants and researchers have proved that a single data breach of a cyber-attack may cause millions of dollars’ worth of information along with loss of essential documents. As a result, there is a disruption of the day-to-day operations of a business.

In the absence of a robust security policy in an organization, it is virtually impossible to enforce, coordinate, and monitor a security program across a company or institution. In this viewpoint, there are several drawbacks of not having a precise cybersecurity policy in an organization; for example, the system may be slower than usual. Firewall configuration can be problematic, therefore causing the internet users to be unable to perform specific actions.

In October 2013, Adobe suffered a significant security breach, which affected approximately 153 million users. Analysts estimated that over three million credit cards belonging to their clients and login data were stolen. However, the organization could not determine the number of users’ accounts, whose security details were altered. Later on, research indicated that the breach exposed clients’ names, identification numbers, social security information, and passwords. Following the lawsuits filed by a majority of the clients, the firm was ordered to pay 1.1 million dollars in legal fees. Additionally, the organization had to pay an unrevealed amount for the violation of the Customer Records Act and irregular business operations.

1. Cover the basic needs should there be a lack of cybersecurity policy in an organization. Decide what can be done to provide a base for security needs.

One of the most challenging tasks is developing a robust cybersecurity policy for an organization as every software fits a different need. Hence, in a scenario where an organization may lack a cybersecurity policy, there should be basic requirements to identify a potential security threat (Bayuk, Healey, Rohmeyer, et al. 2012). These requirements are purpose, audience, data support and security operations, responsibilities, duties, and rights of personnel, data classification, authority and access control policy, and information security objectives.

For an organization to have a base for security needs, various objectives need to be put in place, such as physical security components as a more comprehensive security strategy, understanding access control. Other aspects that need to be considered are the documentation of events happening in the space, alerting suspicious movements or behaviors on the premises, and regular updates of emerging security threats.

References

Bayuk, J. L., Healey, J., Rohmeyer, P., Sachs, M. H., Schmidt, J., & Weiss, J. (2012). Cybersecurity policy guidebook (pp. 1643-1653). Hoboken: Wiley.

Jenab, K., & Moslehpour, S. (2016). Cyber security management: A review. Business Management Dynamics, 5(11), 16.

Limba, T., Plėta, T., Agafonov, K., & Damkus, M. (2019). Cyber security management model for critical infrastructure.

Srinivas, J., Das, A. K., & Kumar, N. (2019). Government regulations in cyber security: Framework, standards and recommendations. Future Generation Computer Systems, 92, 178-188.

Adobe’s Cyber Security Policy

Student’s Name:

Professor’s Name:

Course:

Date:

Adobe’s Cyber Security Policy

1. Analyze the strategy used to protect the large organization you researched from hackers, fraud, and theft.

I focused on Adobe, which applies hundreds of security operations and controls to protect the millions of users distributed across its numerous applications against theft, fraud, or hacking. The organization automates information providing better information that enables the systems to detect issues faster, make informed decisions, besides increasing the rate of innovations in the company.

The company prioritizes the security of its client’s digital experiences. It continues to invest heavily in human resources, artificial intelligence systems, and machine learning to reduce the risks of cybersecurity attacks. Additionally, the firm applies cybersecurity policies that are per the expected guidelines, certifications, and laws, which ensures that their security controls are consistent across the platforms (Limba, Plėta, Agafonov, et al. 2019). The processes outlined in the policies enable the development team to reinforce the security of their products and services.

The software protects the information at the document level, meaning that it safeguards sensitive information regardless of where it goes. The company also designs its operations to ensure optimum security, and employees also undergo training programs to update them on possible challenges they are likely to encounter in their firm and the industry, as well as their counter-attacks (Bayuk, Healey, Rohmeyer, et al. 2012). Adobe considers cybersecurity a community effort, which is why it works with various partners in the industry to create awareness regarding cybersecurity and the maintenance of the best practices.

B: Describe how your researched large organization uses “policy as a project” in its program.

The implementation of policy as a project refers to integrating security systems with the organization’s goals and objectives. Adobe initiates the process by defining the tasks, plans appropriately, and sets precise goals and objectives within a specified time frame (Bayuk, Healey, Rohmeyer, et al. 2012). The organization outlines the possible risks based on past encounters and current trends in the industry. Adobe uses this approach to assess the effectiveness of the policy against potential threats.

Moreover, it creates awareness among stakeholders on the significance of the policy. It also ensures that the system focuses primarily on reducing the cybersecurity risk within the organization and that it is not based on effective security practices in the industry (Srinivas, Das, & Kumar, 2019). The organization establishes cybersecurity policies as part of the security scheme. Adobe then aligns its plans with the firm’s strategies to predict its success rates and set viable goals.

Adobe documents the desired outcomes clearly and lays out programs to educate its employees on the most effective approach to achieving them. The organization then comes up with methods of motivating its employees to increase its productivity and boost sales. The management then monitors the operations to ensure that all parties are working towards attaining similar goals.

The management also ensures that all the policies coincide with the outlined strategies. If the management identifies breaches in policy compliance, they implement the necessary changes (Bayuk, Healey, Rohmeyer, et al. 2012). If the employees experience too much strain in policy compliance, they record the details in a management feedback loop. Adobe uses the Adobe Secure Product Lifecycle, which comprises various developmental and operational operations that maintain the software’s security posture.

Once the organization dispatches the software in the market, it collects the information, processes, transmits, and stores it in Adobe services. The data is classified based on the Adobe Data Classification and Handling process. The information is then protected depending on its categorization and handling necessities, which ensure the proper application of security controls. Consequently, Adobe achieves the maximum potential of its security policies, giving it a competitive advantage.

1. Analyze the far-reaching consequences of not having a policy for cybersecurity. Justify your thoughts with real-world examples.

It is important to note that cybersecurity policies play an essential role in an organization since it prevents data breaches and cyber-attacks, which may cause a substantial loss (Jenab & Moslehpour, 2016). In this view, cybersecurity consultants and researchers have proved that a single data breach of a cyber-attack may cause millions of dollars’ worth of information along with loss of essential documents. As a result, there is a disruption of the day-to-day operations of a business.

In the absence of a robust security policy in an organization, it is virtually impossible to enforce, coordinate, and monitor a security program across a company or institution. In this viewpoint, there are several drawbacks of not having a precise cybersecurity policy in an organization; for example, the system may be slower than usual. Firewall configuration can be problematic, therefore causing the internet users to be unable to perform specific actions.

In October 2013, Adobe suffered a significant security breach, which affected approximately 153 million users. Analysts estimated that over three million credit cards belonging to their clients and login data were stolen. However, the organization could not determine the number of users’ accounts, whose security details were altered. Later on, research indicated that the breach exposed clients’ names, identification numbers, social security information, and passwords. Following the lawsuits filed by a majority of the clients, the firm was ordered to pay 1.1 million dollars in legal fees. Additionally, the organization had to pay an unrevealed amount for the violation of the Customer Records Act and irregular business operations.

1. Cover the basic needs should there be a lack of cybersecurity policy in an organization. Decide what can be done to provide a base for security needs.

One of the most challenging tasks is developing a robust cybersecurity policy for an organization as every software fits a different need. Hence, in a scenario where an organization may lack a cybersecurity policy, there should be basic requirements to identify a potential security threat (Bayuk, Healey, Rohmeyer, et al. 2012). These requirements are purpose, audience, data support and security operations, responsibilities, duties, and rights of personnel, data classification, authority and access control policy, and information security objectives.

For an organization to have a base for security needs, various objectives need to be put in place, such as physical security components as a more comprehensive security strategy, understanding access control. Other aspects that need to be considered are the documentation of events happening in the space, alerting suspicious movements or behaviors on the premises, and regular updates of emerging security threats.

References

Bayuk, J. L., Healey, J., Rohmeyer, P., Sachs, M. H., Schmidt, J., & Weiss, J. (2012). Cybersecurity policy guidebook (pp. 1643-1653). Hoboken: Wiley.

Jenab, K., & Moslehpour, S. (2016). Cyber security management: A review. Business Management Dynamics, 5(11), 16.

Limba, T., Plėta, T., Agafonov, K., & Damkus, M. (2019). Cyber security management model for critical infrastructure.

Srinivas, J., Das, A. K., & Kumar, N. (2019). Government regulations in cyber security: Framework, standards and recommendations. Future Generation Computer Systems, 92, 178-188.