White_M3_Review
Adam M. White
Embry-Riddle Aeronautical University 1. What is information security policy? Why is it critical to the success of the information security program?
According to Michael and Herbert information security policies are written instructions, provided by management, to inform employees and others in the work place of the proper behavior regarding the use of information and information assets (pg.125). It’s necessary to protect the organization and the job of its employees. It is also a great management tool that sets the guide lines for audits and helps with legal disputes.
2. For a policy to have any effect, what must happen after it is approved by management? What are some ways this can be accomplished?
All members
…show more content…
EISP also known as a security program policy, general security policy, IT security policy. EISP guides the development, implementation, and management requirements of the InfoSec program, which must be met by InfoSec management, IT development, IT operations, and other specific security functions (pg.129). ISSP provides detailed targeted guidance to instruct all members of the organization in the use of a resource, such as a process or a technology employed by the organization (pg.134). SysSP function asstandards or procedures to be used when configuring or maintaining systems …show more content…
The EISP is broad-based, encompassing and defining large areas of responsibility and implementation. The ISSP is tailored more toward the organization’s intent on how a certain technology-based system is to be used. The system-specific policy is written more as a standard and procedure to be used in the configuration of a system. A larger organization would require a policy written along the lines of an EISP in order to cover all of the various systems and information security needs. For example a large company such as WalMart needs a very detailed policy to protect confidential information. This would most likely be required by their large customer base on both in-store and online shoppers. A smaller company might only need the policy to help keep track of sales for the month. All of which may be confidential but can easily covered by a policy like