Final Project
6. Policy Review and Modification
Scheduled Review of Policy
The information security policy will be reviewed annually to determine whether it meets the needs of the organization. The policy shall also be reviewed at scheduled intervals or when significant changes occur, to assess the impact of those changes on policies and procedures. A policy review shall be conducted in the following events:
1) Adoption of a new information system or service, or significant changes to an existing information system.
2) Adoption of new critical infrastructure in the organization, or any significant changes to the existing infrastructure.
3) Implementation of cloud services for the storage and processing of information, as this could pose an information security threat.
The annual review will focus on identifying any existing information threats and any incidents of information reaching unauthorized individuals or being used for malicious reasons (Moody et al., 2018). The policies and procedures will be reviewed to see whether they comply with all relevant laws and guidelines. If the policy is not effective, it will need to be modified.
Procedures for Modification
If the information security policy (ISP) is not working as desired, it will be modified by the Information Technology (IT) team in the organization. During the annual review, the threats and risks will be analyzed together with their weight and the significance of their impact on the policy. The IT team will then identify the needed modifications. Modifications and updates will be made according to how significant the risks and threats are. The IT team will make the modifications and submit the modified policy to IT management and the ISO for review (Sharma & Warkentin, 2019). Once the policy is deemed to have incorporated all the changes, it will be made available to employees and the concerned stakeholders. Employees can access the ISP through their portals and also within the organization when needed.
References
Moody, G. D., Siponen, M., & Pahnila, S. (2018). Toward a unified model of information security policy compliance. MIS Quarterly, 42(1).
Sharma, S., & Warkentin, M. (2019). Do I really belong?: Impact of employment status on information security policy compliance. Computers & Security, 87, 101397.