Issue-specific security policy (issp), Computer Network Security

Assignment Help:

Issue-Specific Security Policy (ISSP)

The ISSP addresses specific areas of technology, needs frequent updates and having statement on organization’s position on a particular issue. Issue specific Policy Whereas program level policy is intended to address broadest aspects of IT security and IT security program framework, issue specific policies are required to be developed to address particular types of activities and, in some environments, particular systems. The types of subjects covered by issue specific policies are areas of current relevance, concern, and, at times, controversy upon which the organization is required to assert a position. In this manner, issue specific IT security policies help to standardize activities and reduce potential risks posed by inadequate and inappropriate treatment of the IT resources. Issue-specific policies serve to provide guidelines for the further development of generates and practices within functional elements of an organization.

Every organization’s ISSP has 3 characteristics:
•Addresses specific technology based systems
•Requires frequent updates
•Contains an issue statement on the organization’s position on an issue. There are three basic approaches while creating and managing ISSPs:
1.  Create a number of independent ISSP documents
2.  Create a single comprehensive ISSP document
3.  Create a modular ISSP document

Components of Issue-specific Security Policy

Statement of an Issue: To formulate a policy on an issue, the issue should 1st be defined, with any relevant terms, distinctions, and conditions delineated. For instance, an organization might want to develop an issue specific policy on use of foreign software. Foreign software can be defined to mean any software, whether applications or data, not approved, purchased, managed, screened, and owned by organization.

Additionally, applicable distinctions and conditions might then required to be included, for instance, for software privately owned by employees but approved for the usage at work and for software owned and used by other businesses under contract to the organization.

Statement of the Organization’s Position: Once the issue is stated and related terms and conditions delineated, the organization’s position or stance on the issue will be required to be clearly stated. To continue the example of developing an issue specific policy on the use of foreign software, this would mean stating whether use of foreign software as defined is strictly prohibited, whether or not there are further guidelines for approval and use, or whether case by case decisions will be rendered based on defined criteria.

Applicability: Issue specific policies will need to include statements of applicability. This means clarifying where, to whom, how, when, and to what a particular policy applies. For instance, it could be that the hypothetical policy on foreign software is intended to apply to the organization’s own onsite resources and employees and is not to be applicable to contractor organizations having offices at other locations.

Additionally, the policy’s applicability to employees traveling among different sites and working at home which is required to transport and use disks at multiple sites might be required to clarify Roles and Responsibilities: Also included in issue specific policies should be the assignment of responsibilities and roles. This would mean, to continue with the above instance, that if the policy permits foreign software privately owned by employees which is to be used at work with the appropriate approvals, then approval authority granting this type of permission should stated. Similarly, it should be clarified who would be responsible for ensuring that only approved foreign software is used on organizational IT resources and, for monitoring users in regard to foreign software.

Related to assignment of roles and responsibilities is the inclusion of guidelines for procedures and enforcement. The issue-specific policy on foreign-software, for example, might include procedural guidelines for checking disks used by employees at home or at other locations. It might also state what the penalties would be for using unapproved foreign software on the organization’s IT systems.

Points of Contact: For any issue specific policy, the appropriate individuals in organization to contact for further guidance, information, and enforcement should be indicated. For instance, for some issues the point of contact may be a line manager; for other issues it may be a facility manager, system administrator or technical support person.For other issues, the point of contact can be a security program representative. By using the above example again, employees should know whether the point of contact for questions and procedural information would be his/her immediate superior, a system administrator, or a computer security official. Figure given below is an outline of a sample ISSP, which is used as a model.

Considerations for an Effective Telecommunications Use Policy

1  Statement of policy
a. Scope and applicability
b. Definition of technology addressed

c.  Responsibilities


2 Authorized access and usage of equipment
a. User access
b. Fair and responsible use
c. Protection of privacy

3 Prohibited usage of equipment
a.Disruptive use or misuse b.  Criminal use
c.Offensive of harassing materials
d.Copyrighted, licensed, or other intellectual property
e.Other restrictions

4. Systems management
a. Management of stored materials
b. Employer monitoring
c. Virus protection
d. Physical security
e. Encryption

5. Violations of policy
a. Procedures for reporting violations
b. Penalties for violations


6. Policy review and modification

a. scheduled review of policy procedures for modification
b. Legal disclaimers


7. Limitations of liability
a. Statements of liability
b. Other disclaimers as required


Related Discussions:- Issue-specific security policy (issp)

Derive the transmitted crc header checksum, QUESTION (a) Consider the f...

QUESTION (a) Consider the following digital bit stream 01001100 is to be encoded in: i. NRZ-I ii. Pseudoternary iii. Manchester iv. Differential Manchester Show th

#title., differentiate between internet and www

differentiate between internet and www

Explain major differences between wpa and wpa2, Question: Suppose the f...

Question: Suppose the following brief history of WLAN security standards: When the security of WEP was broken, the industry turned to the IEEE to fix it. The IEEE said it could

Security analysis-information security, SECURITY ANALYSIS Overview •    ...

SECURITY ANALYSIS Overview •    Know yourself: examine, identify, and understand the information and systems which are currently in place •    Know the enemy: examine, identify,

Computer fundamentals, Ask You have been asked by a new client to assist i...

Ask You have been asked by a new client to assist in setting up a new computer for her coffee shop. She has just purchased the newest Apple computer from an online site. Should wou

Attackers motives behind the cyber attack, Attacker's Motives behind the Cy...

Attacker's Motives behind the Cyber Attack Before adapting the necessary measures to deal with the problem, understanding and evaluating the blogger's psyche and his motivation

Difference between a class profile and a child profile sheet, QUESTION ...

QUESTION (a) Mention two attitudes of a carer towards an inspector that could lead to negative outcomes (b) Give two performance indicators of Early Childhood Education that

Explain possible attacks on rsa encryption, Problem (a) Describe RSA a...

Problem (a) Describe RSA algorithm with an example. (b) Answer the following RSA encryption, given the values of the primes are: p = 17, q = 11 and choosing e = 7. (c)

Compare and contrast the trust models-pgp, a. PKI and PGP are two methods f...

a. PKI and PGP are two methods for generating and managing public keys for use in protocols such as secure email. Compare and contrast the trust models for public keys used in PKI

Project, project on ensuring data securities on cloud computing

project on ensuring data securities on cloud computing

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd