Information Security Policy Development
Well-managed information security programs include the development and enforcement of information security policies. There is, however, a fair amount of diversity in how government agencies and organizations approach the task of creating and enforcing information security policies.
Use the study materials and engage in any additional research needed to fill in knowledge gaps. Then discuss the following:
- Describe the steps to choosing the appropriate security policy selection and organization that an organization will implement.
- Identify the roles and responsibilities that are appropriate for information security policy creation team members.
- Explain what mechanisms will be included in the policy creation process to ensure fair and equitable enforcement of these policies once implemented.