Self-Reflective Blog Post Journal — Week 3 Module 3: Corporate Governance, Policies and the Regulatory Environment
It took a while to get used to transitioning to the legal aspect of cybersecurity, but I managed to do so.
Module Impressions:
I am glad that this module returned to being not too long, not too short content. Since this module was dealing with the legal aspect of cybersecurity, I was concerned with getting used to it. But since the module’s amount of content was similar to Module 1, I didn’t struggle to transition, which was a sigh of relief. The first half of the module gave useful documents, such as the NCPF, ECT Act, and the POPI Act, which will be of great reference in the future. The content I learned in the first half reaffirmed my belief about South Africa tackling its issues ; it has the ideal legislation and regulation in place, but it slowly implements them, which is why the POPI Act has not being put into compliance for over 8 years.
The second half was about learning the creation, development and implementation of cybersecurity policies as well as the three main types of cybersecurity policies used, which I found fascinating. I also enjoyed this module’s graded activity; not only was it an assessment quiz, but it also had some challenging questions, which made it worthwhile.
How does policy inform culture?
Policy establishes rules and knowledge; cultures are defined by specific rules and knowledge relating to a specific group of people. Therefore, policy lays the foundation for establishing a cybersecurity culture for a specific organization.
Can culture be created by policy alone?
No, culture can also be created by handing down knowledge, skills and beliefs from one person to another. Just as an individual grows up learning not to talk to strangers, culture can be created from inheriting knowledge, skills and beliefs from the preceding generation. As such, cybersecurity culture can be created from learning at a young age that malware is bad and cybersecurity prevents it, thus laying the foundation for a cybersecurity culture.
Final Thoughts:
I am glad that this module returned to the not too long, not too short content and gets straight to the point, so I found this module to be a breathe of fresh air. I hope that the next module keeps up this pace of learning.
