Security policies

Exercise 1

What is an organization's EISP?

An organization's EISP is a system that explains the company's philosophy on security and sets the tone, scope, and direction of the company's security effort. The EISP explains the organization's beliefs about security, the multiple roles played in the organization's security arena, and the employees' responsibility for keeping the company's systems and information safe.

Roles of EISP in the organization.

The EISP states the company's purpose: it focuses on organizational goals by integrating the organization's objectives and mission into a functional structure that enhances and furthers that purpose. The statement of purpose is specific and pointed enough to ensure accountability for those responsible for specific approval processes. The EISP also provides legal compliance conditions for the organization, where compliance varies from one company to another based on the activities the organization carries out. For instance, the security policy of a company that deals with the public takes a different approach to legal compliance than that of governmental companies that handle classified and sensitive information. The EISP helps with the authority and access control policy, where a hierarchical, tiered structure ensures access to only the lower-tiered employees. The EISP determines the level of access to the technology department and its responsibility for data manipulation in the media. The EISP enables the classification of data, where organizations categorize data to convey its confidentiality. Data can be classified as restricted, private, or public.

Can an organization have more than one EISP?

An organization can have more than one EISP, depending on the activities it carries out. Some companies prefer a security policy for each department, where each department is responsible for its own security issues. The department involved would guard its policy against any intrusion. For instance, some companies report monthly security policy issues from the departmental security statements to the main EISP.

Exercise 2

Difference between ISSP and EISP.

The ISSP protects employees' trust in the organization from threats and hazards to ensure a smooth flow of work and minimize business damage. In contrast, the EISP explains the organization's beliefs on security and the different roles employees play in the security policy. The ISSP addresses certain technology-based resources in the organization, while the EISP provides a statement of purpose for the organization's goals and objectives. An ISSP always needs some updating to work, while the EISP is a permanently installed program that needs little or no updating to support the organization's activities.

An organization can have more than one ISSP, since an ISSP mainly protects employee trust by keeping threats and hazardous outcomes away from their functionality. Different ISSPs can be installed in different departments, depending on the company's ISSP strategy.

How does SysSP differ from ISSP?

An issue-specific policy addresses certain issues concerning the organization. In contrast, a system-specific policy mainly focuses on the decisions management takes to curb certain systems. The system-specific policy is limited to the affected system, which makes it change over time with that system's vulnerabilities or functionality. The issue-specific policy, on the other hand, is unlimited, as it can cover different aspects of the organization such as social networks, religion, and healthcare issues.

Need for managerial guidance for SysSP.

A SysSP can be developed at the same time as an ISSP when the two are related. Management may sometimes need to create a policy in order to implement management policy. Managerial guidance is required to guide the implementation and configuration of the technology, thereby regulating employee behavior. For instance, the strategy for implementing firewalls is set out in a technical-specification SysSP, and the firewall needs to adhere to the measures provided by management.

Draft sample for an issue-specific policy.

Statement of purpose.

The draft contains an email policy for an insurance company. The purpose of the policy is to define the authorized personnel who will be responsible for controlling email information. Since the company carries out some of its communication by email, the purpose is to ensure a clear flow of email information.

Authorized uses.

The email policy would provide safety by limiting who can access email information. PINs and passwords would be preferred for keeping unauthorized users from accessing the information.


Prohibited uses.

Any unauthorized employee found attempting to open email information would be termed an outside hacker and would bear the consequences. Company email access should not be used for personal interests.

System management.

The email policy would enable employee monitoring and work power in the insurance company. The policy would save data and information that could be referred to in the coming days.

Violation of policy.

The policy would pay close attention to hackers attempting to gain access to the organization's activities. Any intruder who accesses email without authorization will be liable for the breach.

Policy review and modification.

The policy would be reviewed by different employees to cross-check how effective it is for the insurance company's operations.

Limitation of liability.

The policy would be liable for the organization's recruitment activities. The authorized personnel would control the email recruitment procedures.

Titles and roles for the six staff members.

The first title I would give is to the human resources department, which would be responsible for recruiting new employees to the organization. The second title I would give is to the procurement staff, who make purchases for the organization. The accounting department would be another title, with the department focusing on auditing the company's income and revenue. Maintenance is another title, for the group that would deal with the overall maintenance of the company's equipment. General Manager is another title I would give, as he or she would supervise the overall operation of the organization. Marketing is the last title, for the staff who ensure the company's product is marketed to potential customers. The human resources group would provide part-time staff when recruiting casual workers for the company.

