Anthony,

Making sure the public is safe when using out local government website is our number one priority. Due to increased hacking attempts against the Service Request system, we have decided to adopt a new cybersecurity policy. A security policy is the statement of responsible decision makers about the protection mechanism of a company crucial physical and information assets. Overall, it is a document that describes a company’s security controls and activities (“An Introduction to Cyber Security Policy”, 2019). The main goal of this new cybersecurity policy is to inform the employees in an organization their obligations for ensuring the protection of the network and IT assets of the company. A key component of the cybersecurity policy is adding access controls that limit access to important information resources within an organization that requires protection of unauthorized modification or retrieval.

The new cybersecurity policy will require users to have two-factor authentication in order to gain access to online services. The registration form requires name, address, cell phone number, email address, date of birth, and the last four digits of the individual’s social security number. Some of the local residents feels like this is a complete invasion of their privacy, but there are a couple of benefits that are derived from the adoption of this new policy. It is our job to help them understand the benefits that come with this added security measure and understand how it benefits them. If we can convenience them that this is for the better it will help them to accept this new, but needed change.

With this new policy in place, it will help with access control. Access control is a security technique that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that minimizes risk to the business or organization (“What is access control? – Definition from WhatIs.com”, 2019). Another reason is with the added information needed to access these online services it puts a stop to fake accounts than can be made to access others profiles or information. For example, authentication factors about “something the user knows”, like passwords and pins, can be susceptible to brute-force attacks. You can supplement it by adding an authentication factor that is not so easily guessed, like “something you have” by authenticating users through their mobile device or through “something you are” like a biometrics factor like fingerprint or voice. Unless the hacker has all of the factors required by the system, they will not be able to access the account (Dacanay, 2017).

Even though we have the proof that shows this is the best idea the public is who we are here to please. With the large amount of backlash we are receiving from the public there are talks of suspending implementation of the new policy for 90 days or even up to 180 to allow members of the public to comment on the new policy. If we were not having the increased hacking attempts against the Service Request system this would be a great idea, but in this case I believe going forward with the implementation is the best idea. We have a duty to protect all users of our services and and by suspending the implementation of this new cybersecurity policy we are putting our users at risk.