A modular method, however, incorporates the best of both of these worlds.In this lesson, youll learn more about the ISSP, what it includes and the best way to create and manage these documents.To enable him to travel between the organizations many facilities, the IT department equipped him with a laptop.
On the weekends, Matt takes the company-issued laptop home to catch up on extra work. Issue Specific Security Policy Examples Series While HesIt also allows him to stream his favorite web-based drama series while hes preparing dinner. Matt is a bit taken aback by the comment because he doesnt think hes done anything wrong. The IT leader only gives Matt a warning and directs him to the companys issue-specific security policy. But, what exactly does this policy entail Learning About The ISSP An issue-specific security policy, or ISSP for short, is developed by an organization to outline the guidelines that govern the use of individual technologies in that organization. In Matts example above, the company likely has an ISSP in place regulating internet usage on company machines - which Matt clearly violated. Ideally, a company will address every tech component it owns inside this document, ranging from computers to digital cameras to tablets to copying machines and much more. An ISSP educates employees about how they are to conduct themselves, but also protects the company from any ambiguity regarding technology usage. For example, an ISSP that clearly spells out that employees may not connect their personal devices to the companys network should be enough to keep employees from doing so or provide a way to discipline them if they refuse to comply. The one downside to an ISSP is that it must be regularly updated as technologies change and are added. Essential ISSP Components So, youre working toward building an ISSP for your organization and you dont know what to include. If a company wants to restrict the use of email to only official business, this is where it should be specified, for example. This section may also explain that user activity on a given system is subject to monitoring, a common workplace policy. Prohibited Usage outlines what the system or technology may not be used for. This section is especially important for potential disciplinary action, as it clearly defines usage that is off-limits. Its also good to include how employees can report violations to management. This part basically states that the company will not be held liable for the actions of an employee who violates the ISSP. What does that mean Individual departments may want to create specialized policies for the system or technology they control. This means lots of paperwork and lots of opportunities for updates to slip through the cracks. Contrast that with one comprehensive ISSP, detailing each and every system and technology in a company. If you have a small organization, this may not be an issue, but try it in a large company and it could be trouble.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |