Security Policy Description Term Paper Example | Topics and Well Written Essays - 1750 words

Security Policy Description - Term Paper ExampleIn the current scenario thither is no insurance insurance in place, as the company is new. One key element for a policy development process is the process maturity level. For instance, a newly derived comprehensive and complex security policy cannot be successful because organizations need time for compliance. Common pitfalls for compliance are different organization cultures, pretermit of management buy-in, insufficient resources and many other agentive roles. For a newly inaugurated car leasing company, the initial step would be to publish a policy that includes bulleted points i.e. in the exercise of checklists. Afterwards, when the processes are matured, more policies can be developed with comprehensive and detailed requirements along with documentations for Standard operating procedures (SOP). Moreover, providing awareness of the newly developed policy ordain also need time to mature and align with different departmental poli cies already in place. To gain management buy in for any newly develop policy, it must be operational as early as possible so that changes can be made and customized in alignment with the embodied business requirements. As the policy development process can be triggered at various stages, regulations are vital motivators that are one of the key reasons for develop or modifying a policy. Moreover, any security breach resulting in a poor incident response plans and procedures can also be a factor to review or create a new incident response policy and incident response plan. The top-down approach that will consult policy making from best practices and regulations will make besides the presence of an non-natural policy with no results, as it will not be effective in the existent world scenario. On the other hand, bottom-up approach that will take inputs from the network administrator or Information Technology specialist will be too specific and according to the local practices that w ill not address issues in the current operational environment of a corporate organization. Recommendations will be to find a balance and combination between these two approaches. --------------------------------------- Information Security Policy Document (ISPD) for AMERCO Car Leasing Company The selective development security policy is drafted from one of the templates from SANS that claims on their website to be the most trusted and the largest source for information security research in the world that focuses on certification, research and training. Moreover, many authors confer to SANS information security policy templates to facilitate organizations for an initial step of fundamental and basic requirements that are stated in these templates. However, in some cases these policy templates only require a change in the name of organization only. In spite, the focus needs to be on aligning business objectives to the policy, as it is considered to be one of the vital controls that govern from top to bottom (Chen, Ramamurthy, and Wen 157-188). 1. Purpose This policy demonstrates requirements for protecting or securing information for AMERCO Car Leasing company information and information that is classified and categorized as confidential cannot be conceded or breached and the services related to production and third party service providers security is safeguarded from the operations of the information security and AMERCO Car Leasing company. 2. Scope This policy is applicable to employees and third parties who have access to head