Information Security Policy Paper

2395 Words10 Pages

Purpose:
• The purpose of this policy is to assist the executives, managers and the cloud computing service providers with the best security implementations in the nonprofit organizations.
• The purpose of the policy is to present an appropriate security policy to the grant over seers.
• The purpose of this policy is to provide a security policy that will replace the existing enterprise policy.
• The purpose of the policy is to provide best practice and advice for the implementation of the cloud computing services that will allow the sharing, processing and storage of the nonprofit organizations.
Scope:
• The scope of the policy extends to the implementation of the cloud computing services practices to the entire nonprofit organization.
• The …show more content…

• Contract and the Licensing services: The organization is expected to work with the licensing and the contract services that will help the organization to place appropriate safeguards for the cloud users and hence the cloud data.
Information security Manager: The organization should have an Information security manager who will be responsible for defining and implementing the entire information assurance practices for the responsible management of the data that is present on the cloud. (Karadsheh and Alhawari, 2011)
• Information Roles and Responsibility Policy: Along with the information security manager the organization should define different roles for securing the cloud and the data of the users. All the roles and the responsibilities of the information security officers are needed to be carefully …show more content…

(Laifu, Jun and Huamin, 2011). This data is given limited exposure to the staff members. • For this type of the confidential organizational data the organization should not use the self provisioned cloud service. And in case it requires the use of the self provisioned cloud then in that case appropriate safeguards are needed to be made. The provision here is to use the locally or centrally provisioned cloud services with the appropriate controls from the licensing services and the Information Steward permission. (It.tufts.edu,