WHAT WAS DONE:
The issue-specific security policy was the main focus for this research paper. An analysis of the policy itself was conducted and also a set of guidelines were developed that comply with this policy. The components of the policy and how organisations would use them were looked into. The reason for choosing the issue-specific security policy was because it was the least investigated yet potentially the most important policy of all three key policies. The purpose of the task itself was to enable students to gain a deeper understanding of the effects and uses of security policies which in turn further expanded our knowledge of how rules and regulations are structured in the corporate world. WHY WAS IT DONE: The issue-specific security policy is the least investigated policy of the three main ones. It was also brought to attention that the ISSP encompassed an intemdiatary between the enterprise information security policy and the system specific security policy thus being the most interesting of the policies to research. Another reason why this policy in particular was research is because it was interesting to investigate how organisations would develop a policy based on issues rather than a specific technology used in the organisation. Also the ISSP seems the most critical and important of the three. HOW WAS IT DONE:
The research was conducted though I based most of my work on the principles of the information security text book. The guidelines that were developed were a mash of ideas that are considered essential to the operation of an organisation and the critical elements needed within a business environment. WHAT WAS FOUND:
Sources were lacking for this specific policy, even through UOW’s summon search engine. Journals could not be found that matched the phrase word-for-word. Despite this a comprehensive guide to and understanding of ISSP was compiled in the course text book which enabled most of the information to be understood. WHAT IS THE SIGNIFICANCE OF THE FINDINGS
These findings allow for a deeper understanding of the structure of an organisations attempt at enforcing some type of system that’s based on integrity and means of protecting the organisation and its interests. Though even through this various sources showed how past-organisations could have endured had they implemented solid security policies to enable some form of defence against corporate attacks and claims of theft of intellectual property. INTRODUCTION
Introduction to topic:
Security policies are without doubt vital elements of every modern functional and succeeding organisation. These policies affect and apply to everyone within an organisation including general employees, information technology sector, and the marketing segment and so on. Policies are often developed by means of application to a specific sector, meaning a figure head of a particular faculty within the business if given legal permission to develop a set of rules for their sector alone. Though this research report stems from the information technology branch and so will be centrally focused on information security policy types. Within this context information security policies are based on the principle of how certain issues should be dealt with in case of their occurrence, of which can be either specific or broad organisation based issues. Also policies should indicate how technologies within the business should be used and how to approach issues with the technology. A common misconception of security policies is that they detail how the technology will be used, though this is not the case. This information is detailed within the “standards, procedures, and practices of user’s manuals and system documentation” (Whiteman, Mattord, 2011). The essential mind set when dealing with the development and infrastructure of a security policy is that “policy should never contradict law” (Whiteman, Mattord, 2011) as developing a security policy that conflicts...