1. What is information security policy? Why is it critical to the success of the information security program?

2. For a policy to have any effect, what must happen after it is approved by management? What are some ways this can be accomplished?

3. List and describe the three types of information security policy as described by NIST SP 800-14.

4. List and describe the three approaches to policy development presented in the text. In your opinion, which is better suited for use by a smaller organization, and why? If the target organization were very much larger, which approach would be superior and why?