47.3k views
3 votes
Search for sample security policies on the web. Identify five EISP and five ISSP sample policies and bring them to class. Compare these with the framework presented in this chapter and comment on the policies' comprehensiveness.

User Motou
by
8.0k points

1 Answer

4 votes

For Electronic Information System Policies (EISP), the policies are:

  1. Acceptable Use Policy from the University of California, Berkeley
  2. Password Policy from the National Institute of Standards and Technology (NIST)
  3. Data Classification Policy from the U.S. Department of Defense (DoD)
  4. Data Backup Policy from the U.S. Small Business Administration (SBA)
  5. Social Media Policy from the U.S. Department of State

For Information System Security Policies (ISSP), the policies are:

  1. Access Control Policy from the U.S. Department of Energy (DOE)
  2. Network Security Policy from the U.S. Department of Homeland Security (DHS)
  3. Incident Response Policy from the SANS Institute
  4. Change Management Policy from Microsoft
  5. Physical Security Policy from the PCI Security Standards Council

Therefore, the above policies address specific aspects of information security. Note that the EISPs focus on the use and management of electronic information systems, while the ISSPs focus on the total security of the organization's information systems.

User Chao Song
by
8.0k points