Week Two Program
Essay Preview: Week Two Program
Report this essay
CMGT 400, Week 4 Quiz
Instructions: Please respond to the following questions. There is no required answer length. However, be sure to adequately answer each question.
Q 1: Describe what should be included in an information security policy document?
Information that should always be provided in an “Information Security Policy Document” would be the following listed in detail below:
Purpose – an explanation of the policy that is being put in place to be used to avoid security threats.
Responsibilities – a clear breakdown of who will be controlling what areas on a daily basis.
Risk Assessment and the Classification of Information – an explanation of the risk the policy being present will control and the underlining classification of areas of information.
Protection of Information Systems and Confidential Information – explanation on how the company will implement control to insure the security of there internal information is being kept and confidential information is being managed properly.
Compliance – guidelines that should be follow in regards to the topic of the security policy.
Other relevant Policies and Guidance – related link that assist the topic of the security policy, additional documents that can provided a clear picture.
Contacts for Additional Information – used if policy needs to be updated and/or clarification is need about the policy.
Q 2: Describe the following. How are they related?
Policies – is a document that outlines the required security roles and responsibilities in which defines the scope of information that is in need of being protected.
Standards – is set in place to ensure that security measure are consistency being used across any business – and include business controls.
Guidelines – is a form of best practices that are being provided by a company – -not required to be used yet provided for situation when needed.
Procedures – provided specific details required to implement the controls in a step by step