Question

1. Is it a security policy? The textbook defines a security policy as, "... an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization". Is your selected document a security policy per this definition? If not then describe its purpose. Note that some items on this list may not really be security policies per this definition.

2. What type of security policy is described? Assuming the document is a security policy, would you say this is primarily an organizational policy, issue policy, a system-specific policy or "none of these"? Why? If you chose "none of these" then how would you describe this policy - is it even really a security policy as described in the text? Is it designed to cover regulatory or marketing requirements rather than a security governance document? Does it describe the organization's security practices or does it advise the users how to securely use the site?

3. Who do you think is the intended audience for this document? How does this intended audience affect that nature and scope of this document?

Answer 1

1. Is this a security policy?

This is a security policy but is incomplete in the sense as it does not mentions about what security policy really means.

Security policy is a document that describess how the company takes care of confidential data of employees and customers as per there set of rules and regulations. It is meant to strengthen confidential data of the company from being leaked which in turn will degrade the standard of company.

The objective of security policy is the preservation of Integrity, Confidentiality and Availability.

Integrity: Integrity ensures that the updation and modification of assets are handled in an authorized manner.

Confidentiality: Confidentiality means the important data and assets are only in the authorized hands.

Availability: Only the authorized users have access to it.

Thus, all this has to be elaborated in the security policy.

2. What type of policy is this?

This is orginazational policy as it is set by the senior members of the organization or the selected policy board or committee that tells what role does security policy play in the organization. It is designed to cover only the security policy within the organization as it aims to strengthen the confidential data of the organization.

It describes the organization security policy by explaining each and every rule and legal term in detail. It elaborates about the procedure that the organization takes in order to safe data from being exploit.

3. What do you think is the intended audience for this document?  

Every document in an organization is designed by keeping in mind the audience that will see or sign the document as they are the bearers of both the positive and negative aspect. Thus each document is designed keeping all this in mind. Scope of the document means the area it covers so keeping in mind the audience is the most important step.