What is an EISP and what purpose does it serve quizlet?
Something you know (such as a password): Show Something you have (such as a smart card): Something you are (such as a fingerprint): Some of the methods that can be used are fingerprints, hand geometry, retinal or iris scans, handwriting, and voice analysis. Fingerprints and handprints are the most widely used method in use. Many laptops include fingerprint readers. Handprints are used with many amusement parks that sell season passes, or multi-day passes. Terms in this set (37)Step-by-step instructions designed to assist employees in following policies, standards and guidelines. If the policy states to "use strong passwords, frequently changed," the procedure might advise that "in order to change your password, first click on the Windows Start button, then...." standard: A detailed statement of what must be done to comply with policy, sometimes viewed as the rules governing policy compliance. If the policy states that employees must "use strong passwords, frequently changed," the standard might specify that the password "must be at least 8 characters, with at least one number, one letter, and one special character." Three approaches to policy are the enterprise information security policy, issue- specific security policy, and the system-specific policy. The EISP is broad-based, encompassing and defining large areas of responsibility and implementation. The ISSP is tailored toward the organization's intent for how a certain technology-based system is to be used. The system-specific policy is written more as a standard and procedure to be used in the configuration of a system. A large organization would need a policy written along the lines of an EISP in order to cover all of the various systems and information security needs. For instance, a government contractor might have a very detailed policy to protect confidential information when it is required by the customer, the federal government. A smaller company, say a restaurant, might only need a system to help track its daily sales, inventory, and labor records. All of these records may be confidential, but could easily be handled by a policy like the SysSP. Sets with similar termsWhat is the purpose of a SysSP?System-Specific Security Policy, SysSP, is a policy that functions as instructions or procedures that are to be used when configuring systems. An example of an SysSP is a document provided by management to guide the configuration of technology intended to support information security.
What are the components of an effective EISP?Key Elements Of An Enterprise Information Security Policy. Network Security. ... . Application Security. ... . Risk Management. ... . Compliance Management. ... . Disaster Recovery. ... . Physical Security. ... . Identity & Access Management. ... . Incident Management.. What is the purpose of a security policy quizlet?What is security policy? A security policy defines "secure" for a system or a set of systems. A security policy is a statement that partitions the states of the system into a set of authorized, or secure, states and a set of unauthorized, or nonsecure, states.
What is EISP and ISSP?The three types of policy are: • Enterprise information security program policy(EISP) • Issue-specific information security policies (ISSP) • Systems-specific information security policies (SysSP)
|