Information Security Management- Assignment
Added on - 15 Apr 2020
Running head: POLICY DOCUMENT ON INFORMATION SECURITY
Policy document on Information security management and compliance
(University of Hertfordshire)
Name of the student:
Name of the university:
Author Note
Policy Document on Acceptable Use Policy (AUP)

1. Background towards developing the policy:

The policy document is the continuation of the analysis and identification of the risks regarding the current security policies and setup. The analysis of the current system also found that there are various risks related to the system that still need to be addressed or solved. The policies needed to be modified, and various new steps are taken to address the related risks.

The policy demonstrates the AUP, or Acceptable Use Policy. It also includes the lines of the ISO 27000 family. It also links the BYOD, or "Bring Your Own Device" policy, to the AUP. The integrity, confidentiality and availability of the challenged information assets are analyzed here.

2. Purpose:

The BYOD program involves students and parents bringing their mobile devices to support learning and teaching tasks. For the program, a mobile device means a student-owned device such as a laptop, iPod touch, suitable phone or tablet. Note that personal gaming devices are not permitted in the program.

This risk analysis policy documents the authority of the University of Hertfordshire to conduct investigations and take actions as needed to analyze the risks in the university. It is intended to provide mitigation measures for reducing, eliminating and managing the risks. The document specifies when and how the risk analysis could be done and who is responsible for it. Further, the policy determines how the risks could be identified for remediation. It is conducted under the authority of the Chief Security Officer.
3. Scope:

This policy applies to all data and systems on the organizational network operated or owned by the university. The policy is effective from the date of issue and does not expire until it is superseded by another policy. Although various risk analyses are particular to a system, the entire risk to the organization needs to be considered. Moreover, the general risk analysis of the university functions, like the risks to the network, is evaluated periodically.

4. Term Definitions:

Risk: The chance of an undesirable outcome along with the harm that could occur.

Risk assessment: This is the analysis of every possible risk with the implemented and non-implemented solutions for managing, eliminating and reducing the risks.

Threat: It could be accidental, deliberate or result from nature.

5. Risk Assessment Participants and Skills:

The staff members must perform the risk analysis. They must be familiar with security and technology. The leader here must be the security officer. The technical support staff and the business owners must supply the information for the risk assessment.

6. The risk assessment method:

This method is defined with the risk analysis process. It needs to be upgraded as needed, based on the outcomes of incidents and audits.