Question

Give an example of each of the following and how they are used in the example you gave:

1. Enterprise Information Security Policy (EISP)

2. Issue-Specific Security Policy (ISSP)

3. System-Specific Security Policy (SysSP)

Answer 1

1. An EISP documents provide an overview of corporate philosophy on security.It should have responsiblities for security shared by all members in the organization.
For example can be a hospital system where we have a lot of senstive patients data in electronic form, Here EISP is used to keep data safe from unauthorized access or accidental dissemination.So we intergrate our mission and objectives of the organization into its EISP by defining specific security measures.

2.An issue specific security policy is developed that consists of guidlines that have the use of individual technology in an organization. for example in an organization an ISSP clearly state that their employees can not use company's network to connact there personal device. An ISSP must be updated regularly whenever an new technology is added or technology is changed.

3. A SysSP provides information that how individual system is set up and maintained.It is like a manual of procedures which has information that how systems are maintained and configured.
An example of it could be in explaining how different type of computer users have different access levels in a marketplace.