Security Operations – Week #8 Final Project
Table 4-3
Elements of a Typical ISSP
|
1 |
Statement of Purpose |
|
|
a. Scope and Applicability |
|
|
b. Definition of Technology Addressed |
|
|
c. Responsibilities |
|
2 |
Authorized Uses |
|
|
a. User Access |
|
|
b. Fair and Responsible Use |
|
|
c. Protection of Privacy |
|
3 |
Prohibited Uses |
|
|
a. Disruptive Use or Misuse |
|
|
b. Criminal Use |
|
|
c. Offensive or Harassing Materials |
|
|
d. Copyrighted, Licensed, or Other Intellectual Property |
|
|
e. Other Restrictions |
|
4 |
Systems Management |
|
|
a. Management of Stored Materials |
|
|
b. Employer Monitoring |
|
|
c. Virus Protection |
|
|
d. Physical Security |
|
|
e. Encryption |
|
5 |
Violations of Policy |
|
|
a. Procedures for Reporting Violations |
|
|
b. Penalties for Violations |
|
6 |
Policy Review and Modification |
|
|
a. Scheduled Review of Policy |
|
|
b. Procedures for Modification |
|
7 |
Limitations of Liability |
|
|
a. Statements of Liability |
|
|
b. Other Disclaimers |