Search the Internet for any organization with more than one type of security policy. Identify/answer the following:
- Organization Title
- Organization Security Policy URL
- What types of security policies does the organization have?
- Does the organization have any Issue-specific Security Policy? What is it?
- Who issued all the policies? The same office or person?
- Using what you have learned in this chapter, which areas are missing in the security policy? Why are these areas important?
1. Define information security policy and explain why it is important to the success of the InfoSec program.
2. List and describe the three challenges in shaping policy. Support your answer with examples.
3. Differentiate between policies and standards.
4. Explain the bull’s-eye model. What does it say about policy in the InfoSec program?
5. Differentiate between policies and procedures.
6. What must be done after a policy is approved by management to create an effective policy? How can this be achieved?
7. Explain the steps for policy development using the SDLC (list the phases and define the input, process, and output within each).