
ruthvik

Hi All,

Information security policy (ISP) refers to a set of rules implemented by an organization to ensure that employees and all users within an organization follow regulations regarding the security of data and information within the organizational environment. It governs the protection of information, which is an essential asset that organizations must protect. Developing an information security policy requires a risk assessment to provide policy-makers with an accurate depiction of the specific security needs of an organization. A proper information security policy requires decision-makers to identify sensitive data and critical systems. Today, security threats are becoming more dynamic and complex, and without a proper information security policy, organizations may find it difficult to counter such threats (Passi, 2018). However, an information security policy must contain two crucial elements for it to be effective.

One of the most critical items in an information security policy (ISP) is outlining the purpose. The purpose of an ISP is to create an overall approach to information security and detecting data breaches by third-party vendors, misuse of networks and applications, as well as the computer systems (Tunggal, 2020). The policy needs to protect customer assets, which include personal information, and should, therefore, address confidentiality, which ensures that only authorized individuals can access certain information. It also addresses integrity, which ensures the accuracy and completeness of the information. The policy also needs to address availability, which involves making sure that only authorized personnel can access information when required.

The policy must also contain the scope of the ISP, which includes all the information assets governed by an organization. The policy should address all data, programs, IT infrastructure, and its users, as well as the third parties that may be authorized to access the information assets. The policy should address the scope to whom the ISP applies and also consider what is not in the scope (Passi, 2018). The policy should point out what is in the scope and what is out of the scope.

References

Passi, H. (2018). Greycampus. Retrieved 26 May 2020, from https://www.greycampus.com/blog/information-security/essentials-of-an-information-security-policy

Tunggal, A. (2020). What is an Information Security Policy? Retrieved 26 May 2020, from https://www.upguard.com/blog/information-security-policy