ITC482 Computer Management & Security
Tutorial Week 04 – Solutions
Week 04 Information Security Policy
1. What is information security policy? Why is it critical to the success of the information security program?
2. Of the controls or countermeasures used to control information security risk, which is viewed as the least expensive? What are the primary costs of this type of control?
3. List and describe the three challenges in shaping policy.
4. List and describe the three guidelines for sound policy, as stated by Bergeron and Bérubé.
5. Describe the bull's-eye model. What does it say about policy in the information security program?
6. Are policies different from standards? In what way?
7. Are policies different from procedures? In what way?
8. For a policy to have any effect, what must happen after it is approved by management? What are some ways to accomplish this?
9. Is policy considered static or dynamic? Which factors might determine this status?
10. List and describe the three types of information security policy as described by NIST SP 800-14.
11. For what purpose is an enterprise information security program policy (EISP) designed?
12. For what purpose is an issue-specific security policy (ISSP) designed?
13. For what purpose is a system-specific security policy (SysSP) designed?
14. To what degree should the organization's values, mission, and objectives be integrated into the policy documents?
15. List and describe four elements that should be present in the EISP.
16. List and describe three purposes that the ISSP serves in the organization.
17. What should be the first component of an ISSP when it is presented? Why? What should be the second major heading, in your opinion? Why?
18. List and describe three common ways in which ISSP documents are created and/or managed.
19. List and describe the two general groups of material included in most SysSP documents.
20. List and describe the three approaches to policy development presented in the text. In your opinion, which is better suited for use by a smaller organization, and why? If the target organization were very much larger, which approach would be superior and why?
1. Using the Internet and a browser, go to the International Information Systems Security Certifications Consortium Web site (www.isc2.org) and look for the information security common body of knowledge (CBK). When you review the list of 10 areas in the CBK, is policy listed? Why do you think this is so?
2. Search your institution's intranet or Web sites for its security policies. Do you find an enterprise security policy? What issue-specific security policies can you locate? Are all of these policies issued or coordinated by the same individual or office, or are they scattered throughout the institution?