Write 3 policies, each geared to a different type of organization. The primary introduction for this topic is in Chapter 4 of the textbook Principles of Information Security 5th edition; Michael Whitman, Herbert Mattord. However, you can conduct some additional research to gain a better understanding of these policies.
The first policy is an Enterprise Information Systems Policy (EISP).Write this policy from the perspective that you are part of a large medical organization that stores patient history on your network. Use the components of an EISP as described in Table 4-1 on page 164 of the textbook.
The second policy is an Issue-Specific Security Policy (ISSP).You will write an Independent ISSP that is tailored to a specific issue. You may choose any one of the 10 topics listed at the top of page 165 of the textbook as your Issue-Specific topic. Write this policy from the perspective of the manager of a department within an organization that works with highly classified material on a regular basis. Use the components of an ISSP as described in Table 4-2 on page 166 of the textbook.
The third policy is also an Issue-Specific Security Policy (ISSP).Select a different topic from the same list on page 165 of your text. In this case, write the policy from the perspective of a manager that has no employees located in the main building of the organization. All employees in this department work from home and are spread throughout the country. They must access the company's servers and storage for information to do their jobs. This information is sensitive to the company but not highly classified. Use the components of an ISSP as described in Table 4-2 on page 166 of the textbook.