3.3 - Assignment: Module Review Part 1: Review
Questions
What is information security policy? Why is it critical to the
success of the information security program?
For a policy to have any effect, what must happen after it
is approved by management? What are some ways this
can be accomplished?
List and describe the three types of information security
policy as described by NIST SP 800-14.
List and describe the three approaches to policy
development presented in the text. In your opinion, which
is better suited for use by a smaller organization, and why?
If the target organization were very much larger, which
approach would be superior and why?
Solution
What is information security policy? Why is it critical to the
success of the information security program?
Ans-
Information security policy explains the will of the
organization's management in controlling the behaviour of
its employees. The policy outlines what needs to be done
in order to safeguard information in a company. Without a
document that explains this in detail, employees would
not know what direction or even action to take to protect
the information in the company.
For a policy to have any effect, what must happen after it
is approved by management? What are some ways this
can be accomplished?
Ans-
All members of the organization, then, must read,
understand and agree to abide by the organization's
policies. For the policies to be effective, they must be
properly disseminated.
List and describe the three types of information security
policy as described by NIST SP 800-14.
Ans-
The first type of information security policy described by
NIST SP 800-14 is enterprise information security program
(EISP). EISP is used to determine the scope, tone and
strategic direction for a company and all the
security-oriented topics within. This policy should directly
reflect the goals and mission of the company. The second is
issue-specific information security (ISSP). The ISSP is
used to guide employees on the use of specific types of
technology (such as email or internet use). This should be
carefully designed to uphold the company's ethical codes,
while providing the employees with a detailed list to ensure
they understand the policy and how it is beneficial to the
company. The final one is system-specific information
