ISSP Policy on $\{$Issue$\}$ for $\{$Case Organization$\},\{$Your Name$\}$ ISSP on $\{$Issue$\}$ for $\{$Case Organization$\}$ In this section the student should write a complete ISSP on the topic provided, using the outline below, as described in the text to serve as an example the organization can follow in writing the other ISSPs $($typically $5-10$ pages$)..$ Be sure to format your final policy the same as the template $($text $\mathrm{.}25$ indented, $12$ point Times New Roman, lines $1\mathrm{.}5$ spaced, paragraphs with $6$ point space after$).$ Everything in italics should be replaced or deleted before submitting your assignment $1.$ STATEMENT OF PURPOSE The ISSP should begin with a clear statement of purpose that outlines the scope and applicability of the policy. It should address the following questions: What purpose does this policy serve? Who is responsible and accountable for policy implementation? What technologies and issues does the policy document address? a$.$ Scope and Applicability b$.$ Definition of Technology Addressed c$.$ Responsibilities $2.$ AUTHORIZED USES This section of the policy statement explains who can use the technology governed by the policy and for what purposes. This section defines $$fair and responsible use$$ of equipment and other organizational assets, and it addresses key legal issues, such as protection of personal information and privacy. The policy makes any use for any purpose not explicitly identified a misuse of equipment. a$.$ User Access b$.$ Fair and Responsible Use $1$ ISSP Policy on $\{$Issue$\}$ for $\{$Case Organization$\},\{$Your Name$\}$ c$.$ Protection of Privacy $3.$ PROHIBITED USES While the previous section specifies what the issue or technology can be used for, this section outlines what it cannot be used for. Unless a particular use is clearly prohibited, the organization cannot penalize employees for it$.$ In some organizations, that which is not permitted is prohibited; in others, that which is not prohibited is permitted. In either case, be sure to state clearly the assumptions and then spell out the exceptions. a$.$ Disruptive Use or Misuse b$.$ Criminal Use c$.$ Offensive or Harassing Materials d$.$ Copyrighted, Licensed, or Other Intellectual Property e$.$ Other Restrictions $4.$ SYSTEMS MANAGEMENT This section focuses on the users$$ responsibilities with regard systems and data management. A company may want to issue specific rules regarding the use of e$-$mail and electronic documents, and storage of those documents, as well as guidelines about authorized employer monitoring and the physical and electronic security of e$-$mail and other electronic documents. This should also address retention policies, and the minimum and maximum times certain files may be retained and how, in accordance with relevant laws, regulations and guidelines. The Systems Management section should specify users$$ and systems administrators$$ responsibilities, so that all parties know what they are accountable for. $2$ ISSP Policy on $\{$Issue$\}$ for $\{$Case Organization$\},\{$Your Name$\}$ a$.$ Management of Stored Materials b$.$ Employer Monitoring c$.$ Virus Protection d$.$ Physical Security e$.$ Encryption $5.$ VIOLATIONS OF POLICY This section specifies the penalties and repercussions of violating the usage and systems management policies. Penalties should be laid out for each violation. This section should also provide instructions on how to report observed or suspected violations, either openly or anonymously, because some employees may fear that powerful individuals in the organization could retaliate against someone who reports violations. Anonymous submissions are often the only way to convince individual users to report the unauthorized activities of other, more influential employees. a$.$ Procedures for Reporting Violations b$.$ Penalties for Violations $6.$ POLICY REVIEW AND MODIFICATION Every policy should contain procedures and a timetable for periodic review. This section should outline a specific methodology for the review and modification of the ISSP, so as to ensure that users always have guidelines that reflect the organization$$s current technologies and needs. a$.$ Scheduled Review of Policy $3$ ISSP Policy on $\{$Issue$\}$ for $\{$Case Organization$\},\{$Your Name$\}$ b$.$ Procedures for Modification $7.$ LIMITATIONS OF LIABILITY The final section offers a general statement of liability or a set of disclaimers. If an individual employee is caught conducting illegal activities with organizational equipment or assets, management does not want the organization to be held liable. In other words, if employees violate a company policy or any law using company technologies, the company will not protect them and the company is not liable for their actions, assuming that the violation is not known or sanctioned by management. a$.$ Statements of Liability b$.$ Other Disclaimers REFERENCES Here you should describe all references and support documents used in the creation of this project in APA format.