Microsoft's new framework could help policymakers better understand cybersecurity

The firm's new Cybersecurity Policy Framework aims to provide building blocks and best practices from organizations around the world.

How to overcome employee resistance to new cybersecurity policies Implementing a new security practice can be difficult for employees. Merritt Maxim, of Forrester Research, offers some tips on how leaders can improve adoption of these efforts.

With regulations like the EU's General Data Protection Regulation (GDPR) going into effect, topics like cybersecurity and data privacy are becoming critical for governments to address. However, some non-technical government leaders might not have any idea on where to start when building a cybersecurity policy.

To help policymakers better understand just what goes into an effective cybersecurity policy, Microsoft released its new Cybersecurity Policy Framework on Thursday, as detailed in a blog post. According to the post, the building blocks presented in the framework were created from organizational best practices found around the world.

Microsoft also took what it learned from years of working with policymakers in many different economies, and used that information to build out its framework, the post said.

"Nations coming online today, and building their cybersecurity infrastructures, should not—and need not—be burdened with the stumbling blocks that characterized previous generations of cybersecurity policies," the post said. "Instead, such nations should be empowered to leapfrog outdated challenges and unnecessary hurdles."

In the post, Microsoft cited United Nations research that shows half of the countries in the world today "either have or are developing national cybersecurity strategies." The firm hopes that its framework will improve that number.

The Cybersecurity Policy Framework is focused on high-level ideas in cybersecurity, the post said, and shouldn't be considered a single solution for all cybersecurity issues. In its current iteration, the framework includes national and international strategies for cybersecurity, along with tips for how to establish a national cyber agency, develop and update cybercrime laws, and develop and update critical infrastructure protections.

If your organization isn't too keen on re-writing your security policies, or writing them up for the first time, check out some of the readymade policy templates from our sister site Tech Pro Research:

The big takeaways for tech leaders:

  • Microsoft's Cybersecurity Policy Framework could help policymakers better understand the building blocks and best practices of an effective security policy.
  • Microsoft's Cybersecurity Policy Framework contains national and international strategies for cybersecurity, along with various other tips.

Also see

securitypolicy.jpg
Image: iStockphoto/sarayut