Define, discuss and develop information security policy with all its elements.

Solutions

Expert Solution

Information Security Policy:
It is a set of policy issued by organization that all users within the domain of organization stored digitally at any point in the network
Information security is like arms race. Organizations will change and grow over a period of time; hence they should have room for required version updates. The policy needs to be revised at fixed intervals, and all the revision need to be approved and documented by te unauthorized person.
The information security policy has
a. It should be practical and enforceable.
b. It should have a room for revision and updates.

Elements:
1. Audience:The scope of the audience to whom the information security policy applies should be mentioned clearly, it should define what is considered as out of scope.
They define the audience to whom the information security applies.
E.g. staff in anoter business unit which manages security separetly may not be in the scope of policy
2. Asset
How asset will be categorized, how assets re-evaluated and what are the details responsibility of a security team, IT team, Users? The solution is special care should be taken to what has to be covered here and what is in the asset management part of the policy.
Asset management basically the IT part of the asset. It will cover the lifecycle of how the asset will be taken onboard, installed, maintained, managed and retired.
3.Data classification:
policy classify data into categories which may include topscreat secret confidential and public.
By using this to protect data and avoid needless security for unimportant data.
4.Objectives
Information security classify 3 objectives
a. Confidentiality : information authorized to access and not to disclosed others.
b. Integrity : keep data intact and accurate.
c. Availability: information is disposal of authorized users when needed.
5.Security Behavior:
Share Security with your staff. Construct training session to inform employees of security procedures and mechanism including data protection measures, access protection measures and sensittive data.
6.Authority:
The manager have the authority to decide what data can be shared and with whom. The policy should outline the level of authority over the data and IT systesm for each organization

venereology answered 11 months ago

Next > < Previous

Related Solutions

Describe the basic elements of human nature and how they affect information security policy development and...

Describe the basic elements of human nature and how they affect information security policy development and impact information security policy implementation issues. Propose at least three ways that organizations can overcome this policy development and implementation issues.

Define and discuss Web Site Security and also Define and discuss Web Application Security.

Discuss the elements of institutional security. What is an institution in terms of security?

The authors believe that all information security begins with a solid policy. Brainstorm a list of...

The authors believe that all information security begins with a solid policy. Brainstorm a list of reasons why this is so by creating a mind map. [Why established solid policies are important to information security?]

Define Portfolio Policy Statement (IPS) and Discuss its major components with Examples.

Q1. Define information security Q2. Describe the information security roles of professionals within an organization

Q1. Define information securityQ2. Describe the information security roles of professionals within an organizationQ3. Explain these Necessary tools: policy, awareness, training, education, technologyQ4. Explain why a successful information security program is the responsibility of both an organization’s general management and IT managementQ5. Identify the threats posed to information security and differentiate threats to the information within systems from attacks against the information within systemsQ6. Differentiate between laws and ethicsQ7. Explain the role of culture as it applies to ethics in...

Outline the major security issues related to mobile application technologies and Develop a policy and procedure...

Outline the major security issues related to mobile application technologies and Develop a policy and procedure for one of the major security issues you outlined

Develop a map specific to bank's client needs , addressing all the issues and elements that...

Develop a map specific to bank's client needs , addressing all the issues and elements that are important for the increased security of the bank's online service , Keeping in mind for the banking requirements, stakeholders and security. ????? Go through the cyber physical system ...

Information Technology (IT) Security Define your chosen type of security in your own words. Does the...

Information Technology (IT) Security Define your chosen type of security in your own words. Does the term shrinkage relate to your type of security? If so, how? (If not, please omit this portion from your response.) What challenges and risks exist for this type of security? How are the risks mitigated? Tracked? Eliminated? What types of internal and external factors exist? What key strategies are used to protect assets, personnel, and infrastructure? Please be sure to outline prevention and response...

Part One Plan, Develop and Manage a Security Policy (10 marks) Background: Consider that the Commonwealth...

Part One Plan, Develop and Manage a Security Policy Background: Consider that the Commonwealth Government of Australia is planning to launch ‘My Health Record’ a secure online summary of an individual’s health information. The system is available to all Australians, My Health Record is an electronic summary of an individual’s key health information, drawn from their existing records and is designed to be integrated into existing local clinical systems. The ‘My Health Record’ is driven by the need for the...

Subjects