
Question:

Review the three categories of policy that are presented here.

Enterprise information security policy (EISP): Developed within the context of the strategic IT plan, this sets the tone for the InfoSec department and the InfoSec climate across the organization. The CISO typically drafts the program policy, which is usually supported and signed by the CIO or the CEO.

Issue-specific security policies (ISSPs): These are sets of rules that define acceptable behavior within a specific organizational resource, such as e-mail or Internet usage.

Systems-specific policies (SysSPs): A merger of technical and managerial intent, SysSPs include both the managerial guidance for the implementation of a technology as well as the technical specifications for its configuration.

Related Book:

Principles Of Information Security

ISBN: 9780357506431

7th Edition

Authors: Michael E. Whitman, Herbert J. Mattord
