Question

In: Computer Science

Define, discuss and develop information security policy with all its elements.

Define, discuss and develop information security policy with all its elements.

Solutions

Expert Solution

Information Security Policy:
It is a set of policy issued by organization that all users within the domain of organization stored digitally at any point in the network
Information security is like arms race. Organizations will change and grow over a period of time; hence they should have room for required version updates. The policy needs to be revised at fixed intervals, and all the revision need to be approved and documented by te unauthorized person.
The information security policy has
a. It should be practical and enforceable.
b. It should have a room for revision and updates.


Elements:
1. Audience:The scope of the audience to whom the information security policy applies should be mentioned clearly, it should define what is considered as out of scope.
They define the audience to whom the information security applies.
E.g. staff in anoter business unit which manages security separetly may not be in the scope of policy
2. Asset
How asset will be categorized, how assets re-evaluated and what are the details responsibility of a security team, IT team, Users? The solution is special care should be taken to what has to be covered here and what is in the asset management part of the policy.
Asset management basically the IT part of the asset. It will cover the lifecycle of how the asset will be taken onboard, installed, maintained, managed and retired.
3.Data classification:
policy classify data into categories which may include topscreat secret confidential and public.
By using this to protect data and avoid needless security for unimportant data.
4.Objectives
Information security classify 3 objectives
a. Confidentiality : information authorized to access and not to disclosed others.
b. Integrity : keep data intact and accurate.
c. Availability: information is disposal of authorized users when needed.
5.Security Behavior:
Share Security with your staff. Construct training session to inform employees of security procedures and mechanism including data protection measures, access protection measures and sensittive data.
6.Authority:
The manager have the authority to decide what data can be shared and with whom. The policy should outline the level of authority over the data and IT systesm for each organization

venereology answered 1 year ago
Next > < Previous

Related Solutions

What elements should be included in an Information Security Policy for a corporate entity? What elements...
What elements should be included in an Information Security Policy for a corporate entity? What elements should be included in the policy no matter the size of the business? Why? 3 References please.
Describe the basic elements of human nature and how they affect information security policy development and...
Describe the basic elements of human nature and how they affect information security policy development and impact information security policy implementation issues. Propose at least three ways that organizations can overcome this policy development and implementation issues.
Describe the basic elements of human nature and how they affect information security policy development and...
Describe the basic elements of human nature and how they affect information security policy development and impact information security policy implementation issues. Propose at least three ways that organizations can overcome these policy development and implementation issues.
Define and discuss Web Site Security and also Define and discuss Web Application Security.
Define and discuss Web Site Security and also Define and discuss Web Application Security.
CC3D- If you were asked by your employer to develop a new Information Security Policy, where...
CC3D- If you were asked by your employer to develop a new Information Security Policy, where would you turn to find resources to build this policy? List the two most important items you would include in this new policy and explain why you felt these were most important.
Discuss the elements of institutional security.  What is an institution in terms of security?
Discuss the elements of institutional security.  What is an institution in terms of security?
The authors believe that all information security begins with a solid policy. Brainstorm a list of...
The authors believe that all information security begins with a solid policy. Brainstorm a list of reasons why this is so by creating a mind map. [Why established solid policies are important to information security?]
discuss role of security models in implementing security policy in a software application
discuss role of security models in implementing security policy in a software application
Define Portfolio Policy Statement (IPS) and Discuss its major components with Examples.
Define Portfolio Policy Statement (IPS) and Discuss its major components with Examples.
Q1. Define information security Q2. Describe the information security roles of professionals within an organization
Q1. Define information securityQ2. Describe the information security roles of professionals within an organizationQ3. Explain these Necessary tools: policy, awareness, training, education, technologyQ4. Explain why a successful information security program is the responsibility of both an organization’s general management and IT managementQ5. Identify the threats posed to information security and differentiate threats to the information within systems from attacks against the information within systemsQ6. Differentiate between laws and ethicsQ7. Explain the role of culture as it applies to ethics in...
ADVERTISEMENT
Subjects
ADVERTISEMENT
Latest Questions
ADVERTISEMENT