Issue - Specific Security Policy (ISSP)

Download as pptx, pdf, or txt
Download as pptx, pdf, or txt
You are on page 1of 2

Issue- specific security policy (ISSP)

Provides detailed, focused steering to train the employer in steady use of era systems, and starts with creation to essential
technological philosophy of the employer ¨ Serves to guard worker and employer from inefficiency and ambiguity; files how the
era-primarily based totally machine is controlled; and identifies the methods and government that offer this control. Serves to
indemnify the employer in opposition to legal responsibility for a worker beside the point or unlawful machine use. Every
employer’s ISSP should: Address particular era-primarily based totally systems, require common updates and include a trouble
declaration at the employer’s function on a trouble.
ISSP topics could include
ISSP topics should consist of digital mail, use of the Internet and the World Wide Web, particular minimal configurations of
computer systems to shield in opposition to worms and viruses, prohibitions in opposition to hacking or trying out employer
protection controls, domestic use of organization-owned laptop device, use of private device on organization networks, use of
telecommunications technologies, and use of photocopy device.
Components of the ISSP
Statement of Purpose: Scope & Applicability, Definition of Technology Addressed, Responsibilities. Authorized Access
& Usage of Equipment: User Access Fair & Responsible Use Protection of Privacy. Prohibited Usage of Equipment:
Disruptive Use or Misuse Criminal Use Offensive or Harassing Materials Copyrighted, Licensed, or other Intellectual Property
Other Restrictions. Systems Management: Management of Stored Materials Employer Monitoring Virus Protection Physical
Security Encryption. Violations of Policy: Procedures for Reporting Violations Penalties for Violations. Policy Review &
Modification: Scheduled Review of Policy & Procedures for Modification. Limitations of Liability: Statements of Liability or
Disclaimers.
Computer Science Common approaches to implementing ISSP
Number of independent ISSP documents, Single comprehensive ISSP document, Modular ISSP document that unifies policy
creation & administration. Recommended approach is modular policy, which provides a balance between issue orientation &
policy management.

You might also like