Question:
Detail how an enterprise information security policy (EISP) is also known as a general security policy, organizational security policy, IT security policy, or information security policy. This policy sets the strategic direction, scope, and tone for all security efforts within the organization.
Arrange the understanding that the EISP is often an executive-level document drafted by the CIO and is about 2 to 10 pages long.
Recall the guidance that NIST provides and that the EISP typically addresses compliance in the following two areas:
General compliance to ensure meeting the requirements to establish a program and the responsibilities assigned therein to various organizational components.
The use of specified penalties and disciplinary action.
Step by Step Answer:
Principles Of Information Security
ISBN: 9780357506431
7th Edition
Authors: Michael E. Whitman, Herbert J. Mattord