There are three basic approaches while creating and managing ISSPs: 1.Īdditionally, applicable distinctions and conditions might then required to be included, for instance, for software privately owned by employees but approved for the usage at work and for software owned and used by other businesses under contract to the organization. Every organization’s ISSP has 3 characteristics.Addresses specific technology based systems.Requires frequent updates.Contains an issue statement on the organization’s position on an issue. Issue-specific policies serve to provide guidelines for the further development of generates and practices within functional elements of an organization. In this manner, issue specific IT security policies help to standardize activities and reduce potential risks posed by inadequate and inappropriate treatment of the IT resources. The types of subjects covered by issue specific policies are areas of current relevance, concern, and, at times, controversy upon which the organization is required to assert a position. Issue specific Policy Whereas program level policy is intended to address broadest aspects of IT security and IT security program framework, issue specific policies are required to be developed to address particular types of activities and, in some environments, particular systems. ![]() ![]() Issue-Specific Security Policy (ISSP) The ISSP addresses specific areas of technology, needs frequent updates and having statement on organization’s position on a particular issue.
0 Comments
Leave a Reply. |