Question: Detail how an enterprise information security policy (EISP) is also known as a general security policy, organizational security policy, IT security policy, or information security

Detail how an enterprise information security policy (EISP) is also known as a general security policy, organizational security policy, IT security policy, or information security policy. This policy sets the strategic direction, scope, and tone for all security efforts within the organization.
Arrange the understanding that the EISP is often an executive-level document drafted by the CIO and is about 2 to 10 pages long.
Recall the guidance that the NIST provides and that the EISP typically addresses compliance in the following two areas:
General compliance to ensure meeting the requirements to establish a program and the responsibilities assigned therein to various organizational components.
The use of specified penalties and disciplinary action.

Step by Step Solution

3.33 Rating (174 Votes )

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock

Solution 1 An enterprise information security policy E IS P is a high level document that outlines a... View full answer

blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Principles Of Information Security Questions!

Q:

A cantilever beam of T-section is loaded by an inclined force of magnitude 6.5 kN (see figure). The line of action of the force is inclined at an angle of 60° to the horizontal and intersects the...

Q:

A Gantt chart is also known as a Waterfall model since it specifies the Dependant/order of tasks and allows for the allocation of resources. FYI: I am not a fan. There are many better/newer ways to...

Q:

The fair value of an asset is also known as the market value. Requirement: Making reference to the relevant international accounting standard, analyse how the fair value of an asset is measured in...

Q:

A product cost is also known as an inventoriable cost. Classify the following costs as either product (inventoriable) costs or period (non-inventoriable) costs in a manufacturing company. 1....

Q:

Find an example of an Enterprise Information Security Policy (EISP) and provide the following information: Supply a link to the policy (2 pts) What is the strategic direction for security within the...

Q:

9. Who is expected to be engaged in risk management activities in most organizations? 10. What are the basic strategies used to control risk? Define each. 11. What is a contingency plan? 12. List and...

Q:

***Use this Sources*** Development / Implementation Policy and Procedures or Standards Optum, a subsidiary of UnitedHealthcare, does not have a published policy and or procedure for outsourcing IT to...

Q:

Complete case requirements 1-4 (exhibit 2) and fill out chart on exhibit 3 ISSUES IN ACCOUNTING EDUCATION Vol. 24, No. 1 February 2009 pp. 63-76 Assessing Information Technology General Control Risk:...

Q:

All the requirement is in the attach file, please give me the answer as soon as possible. ISSUES IN ACCOUNTING EDUCATION Vol. 24, No. 1 February 2009 pp. 63-76 Assessing Information Technology...

Q:

CREDIT CARD HEIST AT THE HEARTBREAK CAF By Galen Collins (2012), Journal of Hospitality and Tourism Cases Volume 2, Issue 1 ABSTRACT Tom Petrov, the owner and operator of four restaurants, grapples...

Q:

As a consultant to TechCare, study the case study below in proposing a draft Corporate Information Security Policy (CISP) for TechCare.com. STEP 1: In preparation for drafting the CISP contents (Step...

Q:

A $100,000 bond portfolio generates exactly $9,000 per year in income. Another $100,000 portfolio currently yields $7,000 per year in income, but this amount is expected to grow at 4 percent...

Q:

"You can't write up assets," said Nick Toby, internal audit director of Nadir International Inc., to his boss, Jim Majewski, vice-president and chief financial officer. "Nonsense," said Jim, "I can...

Q:

ou want to purchase a new car in 6 years and expect the car to cost $25 comma 000. Your bank offers a plan with a guaranteed APR of 6.5 % if you make regular monthly deposits. How much should you...

Q:

Instead of erudite language, use concrete language based on short words; uncomplicated sentences that alternate between long and short and; and, especially, short paragraphs that build in lots of...

Q:

List and describe the sets of procedures used to detect, contain, and resolve an incident.

Q:

List and describe the IR planning steps.

Q:

List and describe the actions that should be taken during an incident response.

Q:

Asset K has an expected return of 14 percent and a standard deviation of 32 percent. Asset L has an expected return of 7 percent and a standard deviation of 12 percent. The correlation between the...

Q:

Quantitative Problem: Barton Industries expects next year's annual dividend, D1, to be $2.50 and it expects dividends to grow at a constant rate g = 4.3%. The firm's current common stock price, Po,...

Q:

The subject is facility management 1, How might non-profit versus for-profit status of your organization affect how you distribute the proceeds of your 50/50 raffle? Case STUDY The 50/50 Raffle Goes...