Question

WEEK 1: GOOD COMPONENTS OF A SECURITY POLICY

What are good components of an organizational information security policy? What are some areas that you think should be addressed? What are some obstacles that keep organizations from having a well thought-out security policy? How can they be overcome?

Solutions

Expert Solution

What are good components of an organizational information security policy? What are some areas that you think should be addressed?

Whether you are tasked with writing your organization’s Information Security Policies or updating the existing security policies, knowing what is in a well-crafted policy is important. Below are details of many of the areas you should include:

Security Definition – All security policies should include a well-defined security vision for the organization. The security vision should be clear and concise and convey to readers the intent of the policy. Also included in this section should be details of what, if any, security standards your organization is following.

Examples of which are the ISO 27001 Information Security Management System (sometimes still referred to as ISO 17799), the NIST Standard (National Institute of Standards and Technology) and any of the other standards available to us.

Enforcement – This section should clearly identify how the policy will be enforced and how security breaches and misconduct will be handled. Whatever enforcement actions you enact should be cohesive with the enforcement actions that you already have in place for any enterprise security breaches.

User Access to Computer Resources – This section should identify the roles and responsibilities of the users accessing resources on the organization’s network. Procedures should be included such as, but not necessarily limited to:

            Obtaining network access and application permissions

            Prohibiting personal use of the organizational computer systems

            Use of portable media devices

            Applicable e-mail standards of conduct

            Specifications for both acceptable and prohibited internet usage

            The account termination process

            Threat notification procedures

What are some obstacles that keep organizations from having a well thought-out security policy? How can they be overcome?

Ideally, an effective risk assessment program should ensure the necessary security controls are in place, or are put in place, based on the information risks and threats that the organization faces. The risk assessment process should identify and prioritize any gaps found. In other words, an effective risk assessment program should drive the organization’s security initiatives and program.

However, security risk assessments are subjective exercises. Risk assessments can be inadvertently and advertently skewed based on interpretations and result in not implementing the necessary security controls. Reluctance to spend money, perform unplanned activities and change the user experience are other factors that can affect the risk assessment results. We’ll take a look at these challenges and the ways to overcome them in order to improve the risk assessment process.

