Governance Policies

Many policies exist in today’s modern organizations that help them to function effectively and efficiently. Section 12.5.1.3 (Information Security Governance by Brotby) mentions different governance policies without going into any detail with regard to what goes into these policies.
For this discussion:
• Find an article (preferably peer-reviewed) that discusses one of the policies mentioned in the above section (any one of the policies will do – it is your choice)
• Read the article and, if you can find supporting information from a qualified website (for example, an organization that has posted a policy), use that information too
o Provide a summary of the article and supplemental information source
o Upload the article and a PDF of the information source if you can, or supply the URL to the information source
o Besides the summary, provide information as to why you selected the policy and information source

Sample Answer

Since Brotby’s book doesn’t explicitly mention the purpose of Section 12.5.1.3, I’ll choose to analyze Information Security Incident Response Policy based on its prevalence and importance in cybersecurity governance.

Selected Article and Information Source:

Article Summary:

The NIST article outlines the key components and best practices for establishing an effective information security incident response (ISIR) policy. It defines an ISIR policy as a documented plan outlining how an organization will identify, contain, eradicate, and recover from security incidents.

Key points covered include:

  • Policy Scope: Defining the types of incidents covered under the policy.
  • Incident Response Team: Establishing roles and responsibilities for team members involved in incident response.
  • Incident Detection and Reporting: Outlining procedures for identifying and reporting suspicious activity.
  • Containment and Eradication: Defining actions to mitigate the impact of an incident and remove the threat.
  • Recovery and Restoration: Outlining procedures for restoring affected systems and services.
  • Communication and Escalation: Defining communication protocols with internal and external stakeholders.
  • Documentation and Improvement: Emphasizing the importance of documenting activities and learning from incidents for continuous improvement.

The article emphasizes the importance of tailoring the ISIR policy to the specific needs and risks of the organization.

Supporting Information:

The SANS Institute template provides a sample ISIR policy document with customizable sections addressing the key components outlined in the NIST article. This resource offers a practical starting point for organizations to develop their own policies.

Rationale for Selection:

  • Relevance: Information security incidents are a major concern for modern organizations, making an ISIR policy crucial for effective cyber defense.
  • Credibility: Both sources are from highly respected institutions in the cybersecurity domain, ensuring reliable and authoritative information.
  • Complementary nature: The combination of the NIST article’s comprehensive overview and the SANS Institute’s practical template provides a well-rounded understanding of effective ISIR policy development.

By exploring these resources, you can gain valuable insights into crafting an information security incident response policy that safeguards your organization against cyber threats.
