Developing a Cybersecurity Policy
Organizations that rely on network infrastructure for their business operations must use security technology to protect the network from the harmful actions of automated attacks as well as from the activities of malicious humans. It is also important to adopt policies and guidelines for the organization's employees, who in many ways may be the weakest link in the security chain. According to a Ponemon Institute survey (2012), “78% of respondents said their organization had suffered a data breach as a result of negligent or malicious employees or other internals” (p. 1). A statistic like this highlights the need for overarching policies that detail company expectations and mandates for specific cybersecurity situations.

Policy Considerations

For a cybersecurity policy to be successful, it must cover every conceivable situation (Easttom, 2012, p. 201). Security events that are not associated with a policy will likely not be handled as efficiently as events that are. Policies reduce or eliminate uncertainty about how a security event should be handled. A successful cybersecurity policy will limit actions enough to facilitate network security while avoiding mandates that restrict behaviors so tightly that employees become resentful or find ways to circumvent the policies. When considering specific policies, it is important not to create policies that are unclear or open to interpretation. Instead, each policy should be as specific as possible, leaving little room for interpretation or misunderstanding.

Cybersecurity policies can be advisory or mandatory. Advisory policies are suggested, but not implemented. An advisory policy...... middle of paper ......, the company's security policies will be subject to review by management and IT staff on a semi-annual schedule. Through a periodic review process, company cybersecurity policies will remain relevant and effective, even as circumstances change over time.

References

Cisco. (2005). Network Security Policy: White Paper on Best Practices. Retrieved January 19, 2014, from http://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a008014f945.shtml

Easttom, C. (2012). Fundamentals of computer security. Indianapolis: Pearson.

Microsoft. (2012). Strong passwords. Retrieved January 19, 2014, from http://technet.microsoft.com/en-us/library/ms161962.aspx

Ponemon Institute. (2012). The human factor in data protection. Retrieved January 19, 2014, from http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt_trend-micro_ponemon-survey-2012.pdf