Issue-specific security policy (issp), Computer Network Security

Assignment Help:

Issue-Specific Security Policy (ISSP)

The ISSP addresses specific areas of technology, needs frequent updates and having statement on organization’s position on a particular issue. Issue specific Policy Whereas program level policy is intended to address broadest aspects of IT security and IT security program framework, issue specific policies are required to be developed to address particular types of activities and, in some environments, particular systems. The types of subjects covered by issue specific policies are areas of current relevance, concern, and, at times, controversy upon which the organization is required to assert a position. In this manner, issue specific IT security policies help to standardize activities and reduce potential risks posed by inadequate and inappropriate treatment of the IT resources. Issue-specific policies serve to provide guidelines for the further development of generates and practices within functional elements of an organization.

Every organization’s ISSP has 3 characteristics:
•Addresses specific technology based systems
•Requires frequent updates
•Contains an issue statement on the organization’s position on an issue. There are three basic approaches while creating and managing ISSPs:
1.  Create a number of independent ISSP documents
2.  Create a single comprehensive ISSP document
3.  Create a modular ISSP document

Components of Issue-specific Security Policy

Statement of an Issue: To formulate a policy on an issue, the issue should 1st be defined, with any relevant terms, distinctions, and conditions delineated. For instance, an organization might want to develop an issue specific policy on use of foreign software. Foreign software can be defined to mean any software, whether applications or data, not approved, purchased, managed, screened, and owned by organization.

Additionally, applicable distinctions and conditions might then required to be included, for instance, for software privately owned by employees but approved for the usage at work and for software owned and used by other businesses under contract to the organization.

Statement of the Organization’s Position: Once the issue is stated and related terms and conditions delineated, the organization’s position or stance on the issue will be required to be clearly stated. To continue the example of developing an issue specific policy on the use of foreign software, this would mean stating whether use of foreign software as defined is strictly prohibited, whether or not there are further guidelines for approval and use, or whether case by case decisions will be rendered based on defined criteria.

Applicability: Issue specific policies will need to include statements of applicability. This means clarifying where, to whom, how, when, and to what a particular policy applies. For instance, it could be that the hypothetical policy on foreign software is intended to apply to the organization’s own onsite resources and employees and is not to be applicable to contractor organizations having offices at other locations.

Additionally, the policy’s applicability to employees traveling among different sites and working at home which is required to transport and use disks at multiple sites might be required to clarify Roles and Responsibilities: Also included in issue specific policies should be the assignment of responsibilities and roles. This would mean, to continue with the above instance, that if the policy permits foreign software privately owned by employees which is to be used at work with the appropriate approvals, then approval authority granting this type of permission should stated. Similarly, it should be clarified who would be responsible for ensuring that only approved foreign software is used on organizational IT resources and, for monitoring users in regard to foreign software.

Related to assignment of roles and responsibilities is the inclusion of guidelines for procedures and enforcement. The issue-specific policy on foreign-software, for example, might include procedural guidelines for checking disks used by employees at home or at other locations. It might also state what the penalties would be for using unapproved foreign software on the organization’s IT systems.

Points of Contact: For any issue specific policy, the appropriate individuals in organization to contact for further guidance, information, and enforcement should be indicated. For instance, for some issues the point of contact may be a line manager; for other issues it may be a facility manager, system administrator or technical support person.For other issues, the point of contact can be a security program representative. By using the above example again, employees should know whether the point of contact for questions and procedural information would be his/her immediate superior, a system administrator, or a computer security official. Figure given below is an outline of a sample ISSP, which is used as a model.

Considerations for an Effective Telecommunications Use Policy

1  Statement of policy
a. Scope and applicability
b. Definition of technology addressed

c.  Responsibilities


2 Authorized access and usage of equipment
a. User access
b. Fair and responsible use
c. Protection of privacy

3 Prohibited usage of equipment
a.Disruptive use or misuse b.  Criminal use
c.Offensive of harassing materials
d.Copyrighted, licensed, or other intellectual property
e.Other restrictions

4. Systems management
a. Management of stored materials
b. Employer monitoring
c. Virus protection
d. Physical security
e. Encryption

5. Violations of policy
a. Procedures for reporting violations
b. Penalties for violations


6. Policy review and modification

a. scheduled review of policy procedures for modification
b. Legal disclaimers


7. Limitations of liability
a. Statements of liability
b. Other disclaimers as required


Related Discussions:- Issue-specific security policy (issp)

Explain briefly how go-back-n operates, Question: a) There are two basi...

Question: a) There are two basic approaches to dealing with errors in the presence of pipelining. One way is Go-Back-N and the other strategy is Selective Repeat. i. Explain

Different architectures for wireless networks, (a) What are the different a...

(a) What are the different architectures for wireless networks? (b) Explain how WEP authentication and encryption works, describe the vulnerability. (c) In what ways are secu

Distinguish between steganograhy and cryptography, Question: (a) Disti...

Question: (a) Distinguish between Steganograhy and Cryptography. (b) "Playfair cipher is more secure than Monoalphabetic cipher." Justify this statement. (c) Various ap

Nessus vulnerability, You see two IP addresses. The IP address 192.168.58.1...

You see two IP addresses. The IP address 192.168.58.130 is the one of Bt4. The IP address 192.168.58.133 has ports 135 and 445 open; which indicates that it is a Windows machine. S

Example of an attack against a windows, The objective of this example is to...

The objective of this example is to demonstrate the steps required for a successful attack against a vulnerable Windows XP SP2 system. It will show: a) how Nessus can be used to di

Http protocol, Question (a) Name 3 popular electronic mail access prot...

Question (a) Name 3 popular electronic mail access protocols? (b) i. What is DNS? ii. Briefly, describe what it does and how it works? iii. Why does DNS use a dist

X.509, Consider the details of the X.509 certificate shown below. a. Identi...

Consider the details of the X.509 certificate shown below. a. Identify the key elements in this certificate, including the owner''s name and public key, its validity dates, the nam

Cryptographic algorithms-cryptography, Cryptographic algorithms Cryptogr...

Cryptographic algorithms Cryptographic algorithms are broadly classified into two broad categories. They are stated below 1.  Symmetric Encryption and 2.  Asymmetric Encryptio

Transmission errors in networking, TRANSMISSION ERRORS:  Transmission...

TRANSMISSION ERRORS:  Transmission exceptions may happen due to different causes for example power surges or interference may delete data during transmission. In result of wh

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd