Part 1: Issue-Specific Security Policies
NIST SP 800-12 Rev 1 recommends three types of information security policies to help organizations create, maintain, and develop an effective information security program, so as to reduce risks, comply with laws and regulations, assure operational continuity, and uphold the confidentiality, integrity, and availability of information.
One type is issue-specific security policies (ISSP). For each of the following issues, use “SP 800-61 Rev. 2,” located in the topic Resources, to create an ISSP document that includes the following:
For each policy, include issue statement, statement of the organization’s position, applicability, roles and responsibilities, compliance, points of contact, and supplementary information.
Establish reporting and communication channels for internal and external stakeholders.
Use of personal equipment on your company’s network (BYOD)
Internet access
Personal use of company equipment
Removal of organizational equipment from your company’s property
Use of unofficial software
Design and development of an information security awareness and training program for an organization