Cyber Security Question
Q1. Discuss the purpose of an Information Security Policy and how it fits into an effective information security architecture. Your discussion should include the different levels of policies and what should be covered in an information security policy.
Q2. Discuss how an organization can apply the information life cycle to protect information. Make sure you discuss the different states of data and protection measures for those states.
Assignment Formatting Requirements:
- APA Standard 1-inch margins all around
- Standard font (e.g., Arial, Times Roman, Calibri, Tahoma, etc.)
- 12-pt font size
- Double-spaced
- No cover page – use a simple heading at the top of the first page with Course #/Title, Exam Name, Your Name, and Date (this heading can be left-justified, centered or right-justified)
- No Abstract
- Identify the question number for each response (e.g., “Essay Question #1”) – do not repeat the actual question text
- When using external sources, list the references immediately following the end of the essay question where used (do not put all references at the end of the document)
- Start Q2 on a new page
Answer preview
- There are various levels of information security policies which include the following. The organizational level policy is the core strategic plan for implementing security in an organization. The system-specific level policy which involved individual computer system and meant to present approved software and hardware. Lastly is the issue-specific level policy, which is concerned with specific functional aspects requiring more attention. The information security policies cover various elements, which include the following. The first one is the purpose which involves detecting and preempting information security breaches and creating the overall approach to information security (Srinivas, Das, & Kumar, 2019). Secondly, is the audience to whom information security applies. It also covers information security objectives such as confidentiality, integrity and availability of data within the organization. The other element is authority and access control policy with which the manager may have the authority to decide what data can be shared and with whom. There are several purposes of an information security policy which include the following. The major objective is to enact data protection (Srinivas, Das, & Kumar, 2019). Secondly, it establishes a detailed procedure for information security, creating an effective model for organizational information security. The other purpose is that it detects the misuse of information caused by third-party vendors. Lastly, it provides effective mechanisms to respond to inquiries and complaints on non-compliance with security requirements and data protection.
(597words)