
 Bryan Connelly

· Summary

1. This is an overall summary of the policy.  It serves to convey the general information the policy contains without requiring a user to review the entirety of the document.

· Purpose

1. This is much more specific than the summary.  It serves to answer the question of why the policy was created and what, specifically, are the threats it aims to address.

· Scope

1. This section specifies when a situation falls within the realm to which this policy applies.  It will provide general conditions that must be met in order for the policy to be applied.

· Several examples will be shown of edge cases that explain when situations properly fall into the scope of this policy.  This can be amended as new situations occur that need to be addressed.

· Policy

1. This section gives specifics about what the policy is trying to accomplish.  It does not get as granular as specifying the actual procedures that will need to occur, nor does it specify any technology.  Instead, it speaks to the situation in the abstract.  Included in this section would be:

· Threats that were being mitigated

· Responsibilities that needed clarification

· General remedies to the situation

· Procedure

1. This section is much more granular than the policy section.  It takes the goals of the policy section and gets specific about the step-by-step approach to reach those goals.  This is where any technology can be spelled out specifically if necessary.

· Compliance Measurement

1. This section aims to spell out exactly how the company will determine if the policy is being utilized correctly.  There will probably be a team which reviews the organization for compliance; this section spells out the details of that process.

· Terms and Definitions

1. This is a section in which any confusing or specific language is clarified.  It should be written in a way that ensures no specialized knowledge is needed to understand it.

· History

1. This is where changes are tracked for revisions.  It will include who changed it, when it was changed, and the general nature of the changes.  It should also include paths to find the previous versions before the revisions were made.

References

SANS. (2021). Acceptable Encryption Policy. Retrieved from: https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt0759f19972ec623e/5e9dd1fa33f6b8718946a2b9/acceptable_encryption_policy.pdf