A Comprehensive Report on Issue-Specific Support Policy in Management
VerifiedAdded on 2023/03/30
|6
|1200
|109
Report
AI Summary
This report provides a detailed analysis of issue-specific security policies (ISSP) in management. It begins by defining ISSP as a set of systematic rules for employees regarding the proper use of technology, emphasizing regular technology updates and the use of personal equipment. The report outlines the purpose of ISSP, which includes providing guidance on safe technology use, protecting the organization from risks, and complying with regulations. It also explains the key functions of ISSP, such as managing technology-based resources, ensuring frequent updates, and clarifying the organization's position on specific matters. Furthermore, the report identifies the core components of an ISSP, including the statement of purpose and authorized access and usage. Finally, it discusses different approaches to managing ISSP documents, such as individual, comprehensive, and modular policies, highlighting the benefits and shortcomings of each approach. The report concludes that ISSP is crucial for protecting organizations and employees from uncertainty and inadequacy.

Running Head: MANAGEMENT 0
Issue-Specific Support Policy
Issue-Specific Support Policy
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

MANAGEMENT 1
Introduction
The issue- specific security policy (ISSP) is established to plan the strategies which
will manage the technologies in the organization. ISSP can be explained as systematic rules
which are to be followed by employees concerning to the proper use of technology. This
policy states the technology and update is required regularly. The policy also includes the
matters related to the use of personal equipment, regular updates of software, usage of
photocopy tools, where company email is to be used ( Anderson, 2017).
This paper will state the purpose of ISSP and explain the functions, components of
ISSP and the ways to manage the ISSP document.
Purpose of ISSP
The purpose of issue-specific security policy is to provide the guidance to the
organization to use the technology safely and to protect the organization and employees from
uncertainty and inadequacy. This policy also helps to minimize the risk and helps to comply
with the regulations and laws. The ISSP prepares the documents regarding the control of
technology. This policy is required because it assists the employees in the organisational
needs and direction. The ISSP has the authority to compensate the organization against
charge due to the employee’s illegal and inappropriate usage of system ( Carroll & Arkin,
2015).
Function of ISSP
The several technologies are implemented and guidelines are provided to use
properly.
Introduction
The issue- specific security policy (ISSP) is established to plan the strategies which
will manage the technologies in the organization. ISSP can be explained as systematic rules
which are to be followed by employees concerning to the proper use of technology. This
policy states the technology and update is required regularly. The policy also includes the
matters related to the use of personal equipment, regular updates of software, usage of
photocopy tools, where company email is to be used ( Anderson, 2017).
This paper will state the purpose of ISSP and explain the functions, components of
ISSP and the ways to manage the ISSP document.
Purpose of ISSP
The purpose of issue-specific security policy is to provide the guidance to the
organization to use the technology safely and to protect the organization and employees from
uncertainty and inadequacy. This policy also helps to minimize the risk and helps to comply
with the regulations and laws. The ISSP prepares the documents regarding the control of
technology. This policy is required because it assists the employees in the organisational
needs and direction. The ISSP has the authority to compensate the organization against
charge due to the employee’s illegal and inappropriate usage of system ( Carroll & Arkin,
2015).
Function of ISSP
The several technologies are implemented and guidelines are provided to use
properly.

MANAGEMENT 2
The three function described here are specific technology based resources, frequent
updates, and issue statement describing the position of organisation on specific matter. The
specific technology based resources includes usage of internet, e-mails, installation,
communication, immediate messaging, phone, fax, using the equipment of scanning and
photocopy and even using the personal equipment on networks of company (Liang, 2016).
The second function is frequent updates which means the changes will be required in
technology and equipment and also the update is required if there is change in the job
functions of the members of organisation. The ISSP must be a living document which means
it should be updated continuously. The alteration is required if the teleworking is allowed.
The frequent updates are necessary so that the technologies and equipment can be updated
timely otherwise the equipment and technology will be out of date. The third function is the
issue statement describing the position of organisation on specific matter. This function
describes that the company will be not liable for the illegal or inappropriate activities
committed by employees. When the employee will breach the policy or law for the
technologies owned by company than this is not the responsibility of company to protect the
employees (Soomro, 2016).
Component of an ISSP
Statement of purpose
The first component of an ISSP is the Statement of Purpose. The statement of purpose
means the policy should commence with the proper statement of purpose. The statement of
purpose includes the scope of policy, defines the responsibility and accountability for
implementing the policy and the policy applicability. The statement also gives the brief
overview regarding the technology. This defines who will be responsible for the particular
technology. The statement of purpose is first component because it explains about the
The three function described here are specific technology based resources, frequent
updates, and issue statement describing the position of organisation on specific matter. The
specific technology based resources includes usage of internet, e-mails, installation,
communication, immediate messaging, phone, fax, using the equipment of scanning and
photocopy and even using the personal equipment on networks of company (Liang, 2016).
The second function is frequent updates which means the changes will be required in
technology and equipment and also the update is required if there is change in the job
functions of the members of organisation. The ISSP must be a living document which means
it should be updated continuously. The alteration is required if the teleworking is allowed.
The frequent updates are necessary so that the technologies and equipment can be updated
timely otherwise the equipment and technology will be out of date. The third function is the
issue statement describing the position of organisation on specific matter. This function
describes that the company will be not liable for the illegal or inappropriate activities
committed by employees. When the employee will breach the policy or law for the
technologies owned by company than this is not the responsibility of company to protect the
employees (Soomro, 2016).
Component of an ISSP
Statement of purpose
The first component of an ISSP is the Statement of Purpose. The statement of purpose
means the policy should commence with the proper statement of purpose. The statement of
purpose includes the scope of policy, defines the responsibility and accountability for
implementing the policy and the policy applicability. The statement also gives the brief
overview regarding the technology. This defines who will be responsible for the particular
technology. The statement of purpose is first component because it explains about the
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.

Trusted by 1+ million students worldwide

MANAGEMENT 3
responsibility and accountability and provides the brief overview of the policy and its
applicability ( Eriksen, 2015).
Authorized Access and Usage
The second component of an ISSP is Authorized Access and Usage. This component
is related with the security of personal information and also describes the responsible usage
of the assets and equipment of the organization. This section explains about the technology
where it can be used and who can authorise to the technology ruled by policy. The authorized
use helps to protect the privacy. The authorized access is required because it provides the
privacy and explains the responsible user. When the technology is explained than the
authorized access and usage is required so that privacy can be maintained ( Hughes, 2015).
Ways to create the ISSP documents
The three ways are explained to manage the ISSP documents. These are to create the
individual policy related to the particular issue, to create a comprehensive policy regarding all
the issues, and to create a modular policy which joins the administration and policy formation
when maintaining the requirements of the particular issue. The benefit of the individual
policy is that the documents are written by the professional who is expert in the particular
technology system. The individual approach of managing ISSP may possibly be
unsuccessful to cover all required issues and this might lead to reduction in adequate
management, distribution, and execution (Whitman, 2016).
The comprehensive policy covers all the necessary matters and adequate control and
management is present in the comprehensive policy. This policy creates the required
guidelines to cover the necessary issues and this also recognises the process related to
distribution and execution. In almost cases, the policies are managed by the one who is
responsible to manage the resources of technology. The documents of comprehensive policy
responsibility and accountability and provides the brief overview of the policy and its
applicability ( Eriksen, 2015).
Authorized Access and Usage
The second component of an ISSP is Authorized Access and Usage. This component
is related with the security of personal information and also describes the responsible usage
of the assets and equipment of the organization. This section explains about the technology
where it can be used and who can authorise to the technology ruled by policy. The authorized
use helps to protect the privacy. The authorized access is required because it provides the
privacy and explains the responsible user. When the technology is explained than the
authorized access and usage is required so that privacy can be maintained ( Hughes, 2015).
Ways to create the ISSP documents
The three ways are explained to manage the ISSP documents. These are to create the
individual policy related to the particular issue, to create a comprehensive policy regarding all
the issues, and to create a modular policy which joins the administration and policy formation
when maintaining the requirements of the particular issue. The benefit of the individual
policy is that the documents are written by the professional who is expert in the particular
technology system. The individual approach of managing ISSP may possibly be
unsuccessful to cover all required issues and this might lead to reduction in adequate
management, distribution, and execution (Whitman, 2016).
The comprehensive policy covers all the necessary matters and adequate control and
management is present in the comprehensive policy. This policy creates the required
guidelines to cover the necessary issues and this also recognises the process related to
distribution and execution. In almost cases, the policies are managed by the one who is
responsible to manage the resources of technology. The documents of comprehensive policy
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

MANAGEMENT 4
may be written by the less expertise in the matter in comparison to the individual policy. The
modular policy is responsible to deliver the balance between the aligning the issues and
managing policy. This policy also helps in including the individual units and this is updated
and created by the responsible individual for the particular issue and they report to the central
administration which combines the particular issues into the complete comprehensive policy.
The documents related to modular policy are written by the expertise. In short, this policy
maintains the balance between individual ISSP approach and comprehensive ISSP approach.
The shortcoming of this approach is that the implementation of the policy can be difficult in
managing (Gracceva, 2015).
Conclusion
This can be concluded from the paper that issue specific security policy is established
to plan the strategies which will manage the technologies in the organisation. From the paper
this can be analysed that the issue specific security policy helps to protect the company and
the employees from uncertainty and inadequacy. This paper has also analysed the ways to
manage the ISSP documents. The ways are individual, comprehensive and modular approach.
The first and second component of ISSP is also explained which is the statement of purpose
and the authorised access and usage.
This can be analysed that the policy is required to assist the employees in the
organisational needs and direction.
may be written by the less expertise in the matter in comparison to the individual policy. The
modular policy is responsible to deliver the balance between the aligning the issues and
managing policy. This policy also helps in including the individual units and this is updated
and created by the responsible individual for the particular issue and they report to the central
administration which combines the particular issues into the complete comprehensive policy.
The documents related to modular policy are written by the expertise. In short, this policy
maintains the balance between individual ISSP approach and comprehensive ISSP approach.
The shortcoming of this approach is that the implementation of the policy can be difficult in
managing (Gracceva, 2015).
Conclusion
This can be concluded from the paper that issue specific security policy is established
to plan the strategies which will manage the technologies in the organisation. From the paper
this can be analysed that the issue specific security policy helps to protect the company and
the employees from uncertainty and inadequacy. This paper has also analysed the ways to
manage the ISSP documents. The ways are individual, comprehensive and modular approach.
The first and second component of ISSP is also explained which is the statement of purpose
and the authorised access and usage.
This can be analysed that the policy is required to assist the employees in the
organisational needs and direction.

MANAGEMENT 5
Bibliography
Anderson, E. (2017, March 15). INFORMATION SECURITY POLICY TYPES: EISP, ISSP,
& SYSSP. Retrieved from Site Title:
https://eastonandersonwordpress.wordpress.com/2017/03/15/information-security-
policy-types-eisp-issp-syssp/
Carroll, P. J., & Arkin, R. M. (2015). Handbook of Personal Security. Psychology Press.
Eriksen, E. O. (2015). Reinforcing Executive Dominance: Norway and the EU’s foreign and
security policy. In The European Union's Non-Members. Routleedge.
Hughes, C. (2015). Japan foreign and security policy under the Abe Doctrine. Springer.
Gracceva, F. (2015). Assessing power system security. A framework and a multi model
approach. International Journal of Electrical Power & Energy Systems, 73, 283-297.
Liang, C. S. (2016). Europe for the Europeans: the Foreign and Security Policy of the
Populist Radical Right. Routledge.
Soomro, Z. A. (2016). Information security management needs more holistic approach: A
literature review. International Journal of Information Management, 36(2), 215-225.
Whitman, M. E. (2016). Management of Information Security. Cengage Learning.
Bibliography
Anderson, E. (2017, March 15). INFORMATION SECURITY POLICY TYPES: EISP, ISSP,
& SYSSP. Retrieved from Site Title:
https://eastonandersonwordpress.wordpress.com/2017/03/15/information-security-
policy-types-eisp-issp-syssp/
Carroll, P. J., & Arkin, R. M. (2015). Handbook of Personal Security. Psychology Press.
Eriksen, E. O. (2015). Reinforcing Executive Dominance: Norway and the EU’s foreign and
security policy. In The European Union's Non-Members. Routleedge.
Hughes, C. (2015). Japan foreign and security policy under the Abe Doctrine. Springer.
Gracceva, F. (2015). Assessing power system security. A framework and a multi model
approach. International Journal of Electrical Power & Energy Systems, 73, 283-297.
Liang, C. S. (2016). Europe for the Europeans: the Foreign and Security Policy of the
Populist Radical Right. Routledge.
Soomro, Z. A. (2016). Information security management needs more holistic approach: A
literature review. International Journal of Information Management, 36(2), 215-225.
Whitman, M. E. (2016). Management of Information Security. Cengage Learning.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.

Trusted by 1+ million students worldwide
1 out of 6
Related Documents

Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.