06 May Issue-Specific Security Policies
Order Instructions
Part 1: Issue-Specific Security Policies
NIST SP 800-12 Rev 1 recommends three types of information security policies to help organizations create, maintain, and develop an effective Information Security Program, with the objective of reducing risks, complying with laws and regulations, assuring operational continuity, and applying informational confidentiality, integrity, and availability.
One type is Issue-Specific Security Policies (ISSP). For each of the following issues, use “NIST SP 800-12 Rev 1,” located in the topic Resources, to create an ISSP document. Make sure to address the following for each policy: Issue Statement, Statement of the Organization’s Position, Applicability, Roles and Responsibilities, Compliance, Points of Contact, and Supplementary Information.
Use of personal equipment on your company’s network (BYOD)
Internet access
Personal use of company equipment
Removal of organizational equipment from your company’s property
Use of unofficial software
Part 2: Legal Standard Operating Policies and Procedures
A thorough legal standard operating policies and procedures (SOP) document is the foundation of a good business continuity plan. Standard operating procedures and policies provide the roadmap for management and staff to follow. These steps become the backbone of the business continuity plan, and they must govern every aspect of your chosen company.
Using the Business Continuity Plan (BCP) – Phase 1 content developed in CYB-515, design a 4- to 6-page manual presenting the legal standard operating policies and procedures to describe incidents including fire evacuation, ransomware attack, power outage, and pandemic situations.
Each policy or procedure must include information related to:
Industry Compliance
Business Operations
Training and Awareness
Disaster Recovery
Incident Response
Support the BCP with a minimum of three scholarly resources.