With regulations like the EU's General Data Protection Regulation (GDPR) going into effect, topics like cybersecurity and data privacy are becoming critical for governments to address. However, some non-technical government leaders might not have any idea on where to start when building a cybersecurity policy.
To help policymakers better understand just what goes into an effective cybersecurity policy, Microsoft released its new Cybersecurity Policy Framework on Thursday, as detailed in a blog post. According to the post, the building blocks presented in the framework were created from organizational best practices found around the world.
Microsoft also took what it learned from years of working with policymakers in many different economies, and used that information to build out its framework, the post said.
"Nations coming online today, and building their cybersecurity infrastructures, should not—and need not—be burdened with the stumbling blocks that characterized previous generations of cybersecurity policies," the post said. "Instead, such nations should be empowered to leapfrog outdated challenges and unnecessary hurdles."
In the post, Microsoft cited United Nations research that shows half of the countries in the world today "either have or are developing national cybersecurity strategies." The firm hopes that its framework will improve that number.
The Cybersecurity Policy Framework is focused on high-level ideas in cybersecurity, the post said, and shouldn't be considered a single solution for all cybersecurity issues. In its current iteration, the framework includes national and international strategies for cybersecurity, along with tips for how to establish a national cyber agency, develop and update cybercrime laws, and develop and update critical infrastructure protections.
If your organization isn't too keen on re-writing your security policies, or writing them up for the first time, check out some of the readymade policy templates from our sister site Tech Pro Research:
- Information security policy (Tech Pro Research)
- Network security policy (Tech Pro Research)
- Security awareness and training policy (Tech Pro Research)
- Information security incident reporting policy (Tech Pro Research)
- Password management policy (Tech Pro Research)
- Guidelines for building security policies (Tech Pro Research)
The big takeaways for tech leaders:
- Microsoft's Cybersecurity Policy Framework could help policymakers better understand the building blocks and best practices of an effective security policy.
- Microsoft's Cybersecurity Policy Framework contains national and international strategies for cybersecurity, along with various other tips.
- A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)
- How to write a good security policy for BYOD or company-owned mobile devices (ZDNet)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Internet security, encrypted messaging and privacy projects win Facebook grants (ZDNet)
- A buyer's guide to VPNs (Download.com)
Conner Forrest has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.