What is information security policy

Assignment: InfoSec Review

Part 1: Review Questions

1. What is information security policy? Why is it critical to the success of the information security program?

2. For a policy to have any effect, what must happen after it is approved by management? What are some ways this can be accomplished?

3. List and describe the three types of information security policy as described by NIST SP 800-14.

4. List and describe the three approaches to policy development presented in the text. In your opinion, which is better suited for use by a smaller organization, and why? If the target organization were very much larger, which approach would be superior and why?

Part 2: Module Practice

Draft a sample issue-specific security policy for an organization. At the beginning of your document, describe the organization for which you are creating the policy, and then complete the policy using the framework. What other scenarios do you think are important enough to need a plan?

Whitman, M. E., & Mattord, H. J. (2019). Management of information security. Boston, MA: Cengage Learning.

Format your assignment according to the following formatting requirements:

1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.

2. The response should also include a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.

3. Also include a reference page. The citations and references should follow APA format. The reference page is not included in the required page length.

