Issue Specific Security Policy (ISSP)

Apr 13th, 2016
Price: $10 USD

Question description

Q1. Develop an issue-specific security policy (ISSP) that can be used at home or small business.

Assignment - 1 Requirements : 

Consider your incident response plan (IRP) you created last week and discussed in the forum. 

  • Using a similar approach, draft a generic, sample ISSP that would be useful to any home computer user.
  • Assume this policy could be available to the general public.
  • Make sure you cover all of the critical aspects of a security policy.
  • Get a second opinion on the ISSP's usability. You might use a family member, classmate, or a work colleague. 
  • Use that feedback to improve your policy. Include their feedback as part of your submission.
  • NOTE: This means you'll need to complete your initial policy to provide enough time for feedback and improvement.

Submission Requirements

  • Format: Microsoft Word
  • Font: Arial, 12-Point, Double- Space
  • Citation Style: APA
  • Length: 1–2 pages (plus a cover sheet)

Three Major Types of Information Security Policies

Learning Objective: Recognize the three major types of information security policy and know what goes into each type.

The NIST published Generally Accepted Principles and Practices for Securing Information Technology Systems (NIST 800-14) in 1996. 

For many years government agencies used NIST 800-14 as a source for developing information security policies (program, issue-specific, systems-specific, and etc.).  The guide was also to prepare for contingencies, incident handling, and training.

Assignment Requirements

Review 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems ->

After reviewing the NIST document and completing the reading assignment, write a 2-3 page paper that addresses the following:

  1. In the introduction, describe the importance of security policies.
  2. Use your text or other resources and provide an introduction to the three major types of information security policies. (Enterprise information security program policy, Issue-specific information security policies, Systems-specific information security policies)
  3. Identify types of information is contained in each of the three types of policies.
  4. Compare and contrast the three policies.
  5. Conclusion:
    1. How much have policies changed since the 1996 publication?  
    2. Are the same principles identified in 1996 applicable to today?  
    3. Your thoughts? 

Submission Requirements

  • Format: Microsoft Word
  • Font: Arial, 12-Point, Double- Space
  • Citation Style: APA
  • Length: 2–3 pages (plus a cover sheet)

Tutor Answer

(Top Tutor) Daniel C.
School: University of Maryland

Studypool has helped 1,244,100 students

8 Reviews

On Time
Five Star Tutor
Dec 5th, 2016
" Outstanding Job!!!! "
Nov 21st, 2016
" Excellent job "
Nov 12th, 2016
" <3 it, thanks for saving me time. "
Nov 8th, 2016
" all I can say is wow very fast work, great work thanks "
Oct 30th, 2016
" Totally impressed with results!! :-) "
Oct 16th, 2016
" Goes above and beyond expectations ! "
Oct 7th, 2016
" awesome work thanks "
Sep 24th, 2016
" Excellent work as usual "
Ask your homework questions. Receive quality answers!

Type your question here (or upload an image)

1827 tutors are online

Brown University

1271 Tutors

California Institute of Technology

2131 Tutors

Carnegie Mellon University

982 Tutors

Columbia University

1256 Tutors

Dartmouth University

2113 Tutors

Emory University

2279 Tutors

Harvard University

599 Tutors

Massachusetts Institute of Technology

2319 Tutors

New York University

1645 Tutors

Notre Dam University

1911 Tutors

Oklahoma University

2122 Tutors

Pennsylvania State University

932 Tutors

Princeton University

1211 Tutors

Stanford University

983 Tutors

University of California

1282 Tutors

Oxford University

123 Tutors

Yale University

2325 Tutors