A security policy is a document that provides employees with clear instructions about acceptable use of company confidential information, explains how the company secures data resources and what it expects of the people who work with this information. Most importantly, the policy is designed with enough flexibility to be amended when necessary.

You are working in organization X, and you are supposed to develop an issue-specific security policy, you can pick one issue from Table.1 [1] (In the photos)

Your Task is:

• To develop the different sections of your policy and adequate procedure(s), you can refer to SANS Policy Templates [2].

References:

[1] Developing an Information Security Policy: A Case Study Approach, Fayez Hussain Alqahtani. 4th Information Systems International Conference 2017, ISICO 2017, 6-8 November 2017, Bali, Indonesia.

[2] https://www.sans.org/information-security-policy/

Transcribed Image Text:

Table 1. Information Security Focus Areas. ISP focus areas Password management Email use Internet use Social networking site (SNS) usc Mobile computing Information handling Sub-areas Locking workstation Password sharing Choosing a good password Forwarding emails Opening attachments IT department's level of responsibility Installing unauthorised software Accessing dubious websites Inappropriate use of the Internet Amount of work time spent on SNS Consequences of SNS Sending sensitive information via mobile networks Checking work email via free networks Disposing of sensitive documents Inserting DVDs and USB devices Leaving sensitive material unsecured