Information and Communication Security
ABSTRACT
WHAT WAS DONE:
The issue-specific security policy was the main focus for this research paper. An analysis of the policy itself was conducted and also a set of guidelines were developed that comply with this policy. The components of the policy and how organisations would use them were looked into.
The reason for choosing the issue-specific security policy was because it was the least investigated yet potentially the most important policy of all three key policies. The purpose of the task itself was to enable students to gain a deeper understanding of the effects and uses of security policies which in turn further expanded our knowledge of how rules and regulations are structured in the corporate world.
WHY WAS IT DONE: The issue-specific security policy is the least investigated policy of the three main ones. It was also brought to attention that the ISSP encompassed an intemdiatary between the enterprise information security policy and the system specific security policy thus being the most interesting of the policies to research. Another reason why this policy in particular was research is because it was interesting to investigate how organisations would develop a policy based on issues rather than a specific technology used in the organisation. Also the ISSP seems the most critical and important of the three.
HOW WAS IT DONE:
The research was conducted though I based most of my work on the principles of the information security text book. The guidelines that were developed were a mash of ideas that are considered essential to the operation of an organisation and the critical elements needed within a business environment.
WHAT WAS FOUND:
Sources were lacking for this specific policy, even through UOW’s summon search engine. Journals could not be found that matched the phrase word-for-word. Despite this a comprehensive guide to and understanding of ISSP was compiled in the course text book which enabled most of the information to be understood.
WHAT WAS DONE:
The issue-specific security policy was the main focus for this research paper. An analysis of the policy itself was conducted and also a set of guidelines were developed that comply with this policy. The components of the policy and how organisations would use them were looked into.
The reason for choosing the issue-specific security policy was because it was the least investigated yet potentially the most important policy of all three key policies. The purpose of the task itself was to enable students to gain a deeper understanding of the effects and uses of security policies which in turn further expanded our knowledge of how rules and regulations are structured in the corporate world.
WHY WAS IT DONE: The issue-specific security policy is the least investigated policy of the three main ones. It was also brought to attention that the ISSP encompassed an intemdiatary between the enterprise information security policy and the system specific security policy thus being the most interesting of the policies to research. Another reason why this policy in particular was research is because it was interesting to investigate how organisations would develop a policy based on issues rather than a specific technology used in the organisation. Also the ISSP seems the most critical and important of the three.
HOW WAS IT DONE:
The research was conducted though I based most of my work on the principles of the information security text book. The guidelines that were developed were a mash of ideas that are considered essential to the operation of an organisation and the critical elements needed within a business environment.
WHAT WAS FOUND:
Sources were lacking for this specific policy, even through UOW’s summon search engine. Journals could not be found that matched the phrase word-for-word. Despite this a comprehensive guide to and understanding of ISSP was compiled in the course text book which enabled most of the information to be understood.
References: Whiteman, Mattord, M.E.W, H,J,M 2011, Principles of Information Security, Cengage learning, Kennesaw State University Ogg, E.O 2011, Hackers steal more customer info from Sony Servers, 09/09/2011, http://news.cnet.com/8301-31021_3-20068414-260/hackers-steal-more-customer-info-from-sony-servers/ Nintendo Privacy Policy Administrators 2011, Online Privacy Policy, 10/09/2011, http://www.nintendo.com/corp/privacy.jsp ADDITIONAL SOURCES used but not cited Microsoft Staff 2011, Microsoft Online Privacy Notice Highlights, 07/09/2011, http://privacy.microsoft.com/en-us/default.mspx Sony Staff (EFFECTIVE) 2004, Terms of use / Privacy Policy, 10/09/2011, http://www.sony.com/terms.shtml#basics