IT 253 New Hampshire University Policy of the Environmental Protection Discussion

User Generated



IT 253

Southern New Hampshire University




In this module, you explored policies and practices used by organizations to protect information. There are a variety of policies that are intended to improve the security posture of an organization. These policies include but are not limited to: acceptable use policies, privacy policies, authorized access policies, change and configuration management policies, human resource policies, codes of ethics, organizational security policies, password policies, user education and awareness policies, and user management policies, among many others. Many of the aforementioned policies live within an organization’s overarching information security policy, although they can stand alone, depending on the size of the organization. The size of the organization can also affect the ways in which roles and responsibilities are determined. For example, a smaller organization could have an IT department of one, where a larger organization will have dedicated roles with distinct skill sets and responsibilities that no other role takes ownership of.

For the purposes of this activity, you will review a general information security policy of a government organization. Although information security policies can be lengthy, the policy you will be reviewing is considered brief. It is 13 pages long. Be mindful of the time it will take to not only read the policy but to review specific sections in order to address all of the activity questions.

For this week’s activity:

  • Read the information security policy and the resources provided in the Supporting Materials section.
  • Consider how laws and regulation influence organizational policies, and the various IT roles that might be included in an information security policy.
  • Respond to the provided activity questions.


Most privately owned and publicly traded firms give their employees access only to security policies and private information. Security policies typically remain for internal use only due to the sensitive nature of their contents. However, many education entities, nonprofits, and government-affiliated institutions make these documents available to the public via their websites. Read the Information Security Policy of the United States Environmental Protection Agency (EPA) and respond to the provided activity questions. To access the policy in full for the purposes of this activity, click on the “Information Security Policy (PDF)” in the link just provided. The Supporting Materials section contains resources that will help you understand the elements of a good policy.

Supporting Materials

These resources will provide you with greater insight into what elements make up a good security policy and help you prepare for your response to the activity questions:

Guidelines for Submission

Respond to the activity questions below related to the Module Three Activity. Your submission should be 1 to 2 pages, double-spaced, and submitted as a Word document (.docx). Resources must be appropriately cited using APA style. You are allowed, though not required, to use resources outside of those provided within Module Three and the Supporting Materials section.

Your responses should be in complete paragraphs and should contain the following:

  • Answer all of the activity questions thoroughly and completely. Write out the questions in your submission.
  • Make direct connections between the information security policy and the concepts covered in the provided resources in Module Three, as well as in the Supporting Materials.
  • Support your answers with appropriate examples drawn from the information security policy.
  • Use correct grammar, sentence structure, and spelling, and demonstrate an understanding of audience and purpose.

Activity Questions

  • Do you think the law or regulation has influenced the development of this policy? How?
  • How do the listed IT roles and responsibilities support and improve the EPA’s security posture?
  • What audience do you think the policy was intended for? Why?
  • Are there elements that you would recommend to enhance this policy?

User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached. Please let me know if you have any questions or need revisions.


Policy Review


Do you think the law or regulation has influenced the development of this policy? How?
The Information Security Policy of the Environmental Protection Agency (EPA) was
created to provide organizational security to information and information systems. The
development of this policy was influenced by a host of legal laws with which EPA must comply.
One legal in this regard is the Federal Information Security Modernization Act of 2014
(FISMA), an authority regulating how all Federal Government agencies protect information
resources (EPA INFORMATION DIRECTIVE POLICY, 2005). Therefore, it was in response to
FISMA and other relevant directives that EPA created their Information Security Policy. Other
legal laws that...

Super useful! Studypool never disappoints.


Related Tags