Writing an Information Security Policy

Description

Writing an Information Security Policy

The paper will be written in Microsoft Word, double-spaced, using 12-point Arial Font. The paper will have a minimum of 5 complete pages in the body and 3 references. All Research Papers are to follow the APA writing style

 Information Security Policy : You are responsible for completing and turning in an Information Security Policy. Has to be a policy and have these steps

1. Scope — should address all information, systems, facilities, programs, data, networks and all users of technology in the organization, without exception 2. Information classification — should provide content-specific definitions rather than generic “confidential” or “restricted” 3. Management goals — goals for secure handling of information in each classification category (e.g., legal, regulatory, and contractual obligations for security) may be combined and phrased as generic objectives such as “customer privacy entails no authorized cleartext access to customer data for anyone but customer representatives and only for purposes of communicating with customer,” “information integrity entails no write access outside accountable job functions,” and “prevent loss of assets” 4. Context — Placement of the policy in the context of other management directives and supplementary documents (e.g., is agreed by all at executive level, all other information handling documents must be consistent with it) 5. Supporting documents — include references to  supporting documents (e.g., roles and responsibilities, process, technology standards, procedures, guidelines) 6. Specific instructions — include instruction on well-established organization-wide security mandates (e.g., all access to any computer system requires identity verification and authentication, no sharing of individual authentication mechanisms) 7. Responsibilities — outline specific designation of well-established responsibilities (e.g., the technology department is the sole provider of telecommunications lines) 8. Consequences — include consequences for non-compliance (e.g., up to and including dismissal or termination of contract) This list of items will suffice for information security policy completeness with res