Question

In: Computer Science

List and describe the three types of InfoSec Policies:

In what way are policies different from procedures?

Please explain in detail, and do not copy.

Solutions

Expert Solution

* Enterprise information security policy (EISP): It defines attitude, possibility, planned and strategic direction, tone, the scope for an organization, and all the security areas and oriented topics within a company or an organization. It directly reflects the tasks and goals of a company or an organization.

* Issue-specific security policy (ISSP): It is used as a guide to all the employees or members of a company or an organization on the new technologies such as e-mail, Internet, Virtual Private Network (VPN), etc., how they are and should be used, related issues, attacks, cases, etc. It enables the employees to learn and understand the policy and at the same time aids them in how to uphold the organization's ethical codes.

* System-specific security policy (SysSP): It focuses on and defines specific types of systems, for example firewalls, Virtual Private Network (VPN), mobile devices, etc. It provides the employees with the guidelines for how the systems are to be implemented and upheld, and manages the systems' configuration, usage, and maintenance standards.

How policies are different from procedures:

* Policies:
They define the "Why" for Information Security (InfoSec). They act as anchors for data security. They are statements written, produced, and supported formally by senior management. They are either specific to systems, specific to issues, or company- or organization-wide. An organization's or a company's policies reflect its objectives for its InfoSec program, which include protecting information, management of risks, and the security of the infrastructure. Policies are logically a building foundation, in a manner. They resist changes or erosion and are built to last longer. Intended readers, employees, and users can easily understand and access them. They are created so they are intact for many years, and for any business requirements, they would be regularly reviewed and changes would be made based on necessary approvals. Business objectives actually drive them. They convey how much risk senior management is willing to take.

* Procedures:
They define the "How" for InfoSec. They are step-by-step instructions written in detail for achieving given mandates or goals. They are meant for internal departments within a company or an organization. Procedures are required for adhering to stringent change control processes. They are developed on the fly, dynamically. Procedures being developed should be documented consistently and comprehensively. They are called a "cookbook" for employees, staff, or users to follow to achieve a task or a repeatable process. They are written in sufficient detail. They are not written and documented such that only a single person or a small team, department, or group understands them, but are created for all. Some examples of procedures are Operating System (OS) installations, carrying out system backup activities, granting employees or users system access rights, and provisioning, creating, adding, and setting up new user accounts for, say, new employees who just joined the company, etc.

