Jewell 2
Influence of Law or Regulation
Most government agencies are subject to laws and regulations on information security. Laws like
the Federal Information Security Modernization Act (FISMA) and regulations like NIST standards often shape the development of information security policies for federal agencies. These agencies must set up regulations on how they’re going to go about securing their information and maintaining that security. These policies should be regularly updated to conform
with current threats technology faces.
IT Roles and Responsibilities
In large organizations such as the EPA, roles and responsibilities would be well defined to ensure
security had a broad range of coverage. Some of the roles could include security officers, network administrators, system administrators, etc. Responsibilities include setting up firewalls and detection systems and security training. You’d also want to ensure there was a position in charge of keeping up with technological changes in order to keep up to date with policies and requirements as well as possible threats to their security. Intended Audience
The intended audience of these policies are usually employees who have access and will be handling sensitive information, including the IT staff as well as non-technical staff. Security compliance with these policies is applicable and crucial to everyone in the organization.
Policy Enhancements
Policies can be enhanced by frequent, periodic reviews and adjustments depending on the current
technological world we find ourselves in. It’s imperative that we align with the evolving security
