Summarize the policy and its purpose for management

Assignment Help Management Information Sys

Reference no: EM132029907 , Length: 3

•Consider the organization where you work, or an organization where you would like to work if you are not currently employed.

•Create an Operations Security Policy that would benefit your organization

•Suggest some controls for your policy

•Suggest an audit mechanism

Use the following Format for your policy:

Overview

You should put one or two sentences here that summarize the policy and its purpose for management. This is typically an explanation of why the policy exists. Don't be too technical.

Scope

This is where you define who or what the policy applies to, from all employees to only cashiers that handle cash in the front office. If it applies to equipment, it could be all equipment, all servers, all network connected equipment, or just company issued cell phones. Be specific.

Policy

This is where the policy is actually defined. Don't be too specific, leave that to the procedures and controls that support the policy.

For example, a password policy might state that users cannot share passwords, passwords must be complex, help desk personnel never request passwords, and passwords must rotate periodically.

The details of good password construction can be then put in a guideline document, instructions for the help desk on reseting passwords can be a procedure, and that Group Policy is used to force password changes every 60 days is a technical control.

None of that should be in the policy, but it all needs to be properly documented and communicated to the people that need it - the guidelines to all staff, the help desk procedure to help desk staff, and the technical controls to the domain admins.

If you are in doubt remember that good policy statements talk about what the policy is trying to accomplish, and are addressed to a wide audience. Procedures and controls talk about how it is to be accomplished and are addressed to the staff that must carry it out.

Compliance Measurement

Typically, this section includes the job title of the person responsible for overseeing its implementation or the department if multiple people are responsible, a reference to audit mechanisms, and the consequences for failure to abide by policy.

Definitions, Related Standards, and Policies

This section usually contains definitions of technical or ambiguous terms, cross-references to applicable regulations, and other policies that relate to this policy.

Examples include union contracts, discipline policies, and implementation guidelines. In our password policy example, this where readers would be told to consult the password construction guideline document.

Exceptions

If there any circumstances that might allow temporary exception to the policy, such as during an emergency, define them here. If there is anyone with the authority to temporarily waive the policy, they should be identified by job title. This section is often omitted since many policies do not allow any exceptions.

3-5 pages in length.

APA format.. citations, references etc...

Reference no: EM132029907

Questions Cloud

What would be the cost of protective put portfolio : How much would it cost to purchase if the desired put option were traded? What would be the cost of the protective put portfolio?

What is the probability that at most one is non- defective : When a particular machine is functioning properly, 80% of the items produced are non-defective. If three items are examined, what is the probability that.

What amount of income will singh co report : Singh Co. reports a contribution margin of $735,000 and fixed costs of $490,000. If sales increase by 20%, what amount of income will Singh Co. report

What net torque is necessary to stop the disk in 10 seconds : What net torque is necessary to stop the disk in 10 seconds?

Summarize the policy and its purpose for management : Summarize the policy and its purpose for management. This is typically an explanation of why the policy exists. Don't be too technical.

How many quarters of coverage has jordan attained : For part of the summer of this year, Jordan worked full time at a local accounting firm. Jordan is a 19-year-old accounting student attending a state university

What is the disk angular acceleration : It takes 30 rotations to reach an angular velocity of 10 rad/s. What is the disk's angular acceleration?

What are common stockholders residual claims to earnings : What are the common stockholders’ residual claims to earnings? how many directors can the dissident stockholders elect with the proxies they now hold?

Determine the atcf for each year : Milliken uses a digitally controlled dyer for placing intricate and integrated patters on manufactured carpet squares for home and commercial use.

User Account

All Pages