Week Two Program

CMGT 400, Week 4 Quiz

Instructions: Please respond to the following questions. There is no required answer length. However, be sure to adequately answer each question.

Q 1: Describe what should be included in an information security policy document?

• Information that should always be provided in an “Information Security Policy Document” would be the following listed in detail below:

1. Purpose – an explanation of the policy that is being put in place to be used to avoid security threats.

2. Responsibilities – a clear breakdown of who will be controlling what areas on a daily basis.

3. Risk Assessment and the Classification of Information – an explanation of the risk the policy being present will control and the underlining classification of areas of information.

4. Protection of Information Systems and Confidential Information – explanation on how the company will implement control to insure the security of there internal information is being kept and confidential information is being managed properly.

5. Compliance – guidelines that should be follow in regards to the topic of the security policy.

6. Other relevant Policies and Guidance – related link that assist the topic of the security policy, additional documents that can provided a clear picture.

7. Contacts for Additional Information – used if policy needs to be updated and/or clarification is need about the policy.

Q 2: Describe the following. How are they related?

• Policies – is a document that outlines the required security roles and responsibilities in which defines the scope of information that is in need of being protected.

• Standards – is set in place to ensure that security measure are consistency being used across any business – and include business controls.

• Guidelines – is a form of best practices that are being provided by a company - -not required to be used yet provided for situation when needed.

• Procedures – provided specific details required to implement the controls in a step by step