Related Essays

  • Information Security Policy

    Information security policy refers to measures taken by a company in an attempt to control the behavior of the labor force. The policy ensures that no inappr...

  • The Importance Of Auditing IT Controls

    It 's been my experience that many organizations underestimate the importance of well-planned and well written policies and procedures in their push towards ...

  • Plankton Games: Security Policies

    The security policies should outline what employees are expected of in regards to complying with the security policies and the consequences

  • IT Security Policy

    A cybersecurity policy is critical to the safety of an organization. A policy establishes guidelines for an organization, and makes expectations clear for e...

  • Redbus Information Security Management System

    Table of Contents Objective Scope Policy Information Security Steering Committee ALLOCATION OF INFORMATION SECURITY RESPONSIBILIES Chief Informatio...

  • Nstissi 4011 Security Model: A Case Study

    Lastly, the education and training must be taken place to public the policies and guide the usage of appropriate applications to all employees and partners. ...

  • Information Security Policy Analysis

    As for what one covers in an information security policy depends on what business sector the organization falls under. For instance, a hospital will be conce...

  • XYZ Credit Union/Bank Case Study

    The encryption policy would pertain to the use of encryption for all customer data at rest or in transit. The policy would pertain to all systems, servers a...

  • Personnel Security Policy Paper

    Introduction An organization’s security posture is only as good as the personnel that work for the company. As such, the organization must define policies th...

  • Port Scanning Policy

    This policy is applicable to the security officer having control over devices connected in the network. 2. Policy: This policy covers the guidelines for sc...

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

Card Range To Study

through

image

Play button

image

Play button

image

Progress

1/7

Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

7 Cards in this Set

  • Front
  • Back

3 Policy Types

ISP - Overall information security policy


ISSP - Issue-specific security policy


SysSP - System-specific security policy

Purpose of an overall infosec policy

An overview of corporate philosophy (e.g postures they take)


Details security responsibilities that all organisation members have and responsibilities unique to roles

Main priniciples underlying policies

Individual accountability


Authorisation


Minimising privilege


Seperation of duty


Auditing


Risk reduction

Content of an overall info sec policy

1.introduction & Objectives


2.Statement of management intent


3.A framework for setting control objectives, risk assessment & management


4.Policies, principles, standards, and compliance


5.Responsibilities


6.References

Why should stakeholders be involved in policy development

Minimises disruption to business unit operations, system owners can give valuable input to how processes will be impacted and it makes the implementation process easier

What sensitive data is unique to certain legislation

Biometric or genetic (GDPR), Alleged or commited offences (DPA)

Rights of the data subject under DPA