Security Policy Description Term Paper Example | Topics and Well Written Essays - 1750 words

Security Policy Description - Term Paper Example In the current scenario there is no policy in place, as the company is new. One key element for a policy development process is the process maturity level. For instance, a newly derived comprehensive and complex security policy cannot be successful because organizations need time for compliance. Common pitfalls for compliance are different organization cultures, lack of management buy-in, insufficient resources and many other factors. For a newly inaugurated car leasing company, the initial step would be to publish a policy that includes bulleted points i.e. in the form of checklists. Afterwards, when the processes are matured, more policies can be developed with comprehensive and detailed requirements along with documentations for Standard operating procedures (SOP). Moreover, providing awareness of the newly developed policy will also need time to mature and align with different departmental policies already in place. To gain management buy in for any newly develop policy, it must be operational as early as possible so that changes can be made and customized in alignment with the corporate business requirements. As the policy development process can be triggered at various stages, regulations are vital motivators that are one of the key reasons for developing or modifying a policy. Moreover, any security breach resulting in a poor incident response plans and procedures can also be a factor to review or create a new incident response policy and incident response plan. The ‘top-down’ approach that will consult policy making from best practices and regulations will make only the presence of an non-natural policy with no results, as it will not be effective in the real world scenario. On the other hand, ‘bottom-up’ approach that will take inputs from the network administrator or Information Technology specialist will be too specific and according to the local practices that will not address issues in the current operational environment o f a corporate organization. Recommendations will be to find a balance and combination between these two approaches. --------------------------------------- Information Security Policy Document (ISPD) for AMERCO Car Leasing Company The information security policy is drafted from one of the templates from SANS that claims on their website to be the most trusted and the largest source for information security research in the world that focuses on certification, research and training. Moreover, many authors refer to SANS information security policy templates to facilitate organizations for an initial step of fundamental and basic requirements that are stated in these templates. However, in some cases these policy templates only require a change in the name of organization only. In spite, the focus needs to be on aligning business objectives to the policy, as it is considered to be one of the vital controls that govern from top to bottom (Chen, Ramamurthy, and Wen 157-188). 1. Purpose Th is policy demonstrates requirements for protecting or securing information for AMERCO Car Leasing company information and information that is classified and categorized as confidential cannot be conceded or breached and the services related to production and third party service providers security is safeguarded from the operations of the information security and AMERCO Car Leasing company. 2. Scope This policy is applicable to employees and third parties who have access to head