User Account

All Pages

Enterprise information security policy (eisp), Computer Network Security

Assignment Help:

Enterprise Information Security Policy (EISP)

EISP also known as security policy directly supports the mission of the organization and sets the strategic direction, scope, and tone for security efforts within the organization. It is an executive level document, drafted by or with CIO of the organization.

The EISP characteristically addresses compliance in two areas:

1.General compliance to ensure meeting requirements to establish program and responsibilities assigned therein to several organizational components.

2.Use of specific penalties and disciplinary action.

Information security policy has the concepts which are stated below.

1.Each agency operates in a manner consistent with maintenance of a shared, trusted environment within the state government for the protection of individual privacy and them assurance of data and business transactions. Each agency shall not jeopardize confidentiality, integrity/availability of the state enterprise; or the information stored, processed and transmitted by state information systems.

2.Evert agency follows established enterprise security policies, standards, processes and procedures, except where agency policy offers a higher level of security.

3.Each agency is responsible for developing policies, standards, processes and procedures to meet this policy. If it can be determined that more stringent measures are required, the agency is responsible for policies, standards processes and procedures development to meet the higher level of security.

4.Each agency will implement, develop, and exercise an agency business continuity plan. The plan will be based on advantage criticality and be consistent with the enterprise business continuity plan.

5.Each agency will implement a security alertness, training and education program for all staff including technical and non-technical staff both. The term program is used here intentionally. Each agency is expected to provide an ongoing, systematic training program by using a system wide approach. Every new employee will be given basic information technology security training within the 3 months of employment. All employees, that include interns, contractors, temporary and part time employees, should agree in writing to follow state and agency security policies before being authorized to access state computer resources.

6.Each agency is subject to annual security audit to assure compliance with this and other enterprise policies, standards, processes and procedures. An audit or review performed under another authority, like the Internal Revenue Service, can be substituted if similar in scope and approved by Chief Information Security Officer.

7.Every agency will have a vulnerability assessment which is performed on its information systems at least annually to gauge the effectiveness of security measures. Assessment results can be used to identify, prioritize, plan for and implement additional security measures and to update agency risk assessment.

8.Each agency will posses an information systems risk assessment performed at least every 2 years. This assessment will be used to identify, prioritize, plan for and implement additional security measures. The assessment methodology will be obtained by the Information Security Office and made available to the enterprise.

9.Security requirements will be defined and addressed throughout the life cycle of all information technology projects, including business requirements definition, design, development, testing, implementation and operation.

10. Each agency Chief Information Officer will assure his or her best ability that information systems  under their control meet enterprise and agency security policies, processes, standards, and procedures prior to being placed in production or after significant changes to the system. The Information Security Office will assess randomly the self certification process and individual systems to ensure adherence to policy.

11.All agencies will comply with suitable federal information security requirements.However, if federal or other requirements are inconsistent with the established state policy or standard, in whole/in part, then the Chief Information Security Officer can grant a waiver from the inconsistent portions of state policy or standard. Requests for a waiver should be submitted in writing and demonstrate that granting the waiver will not result in undue risk for enterprise or agency.

12. Individual privacy will be protected at all the times according to established laws, policies and rules.

13. Monitoring of the information system usage for malicious activity and misuse of government resources will be conducted by agencies as per their established policies, or by Department of Administrative Services, Iowa Communications Network or other party at request of the agency.

14. Each agency will report network changes which affects enterprise network security to the Information Security Office.

15. Agencies will report information security incidents which impact or could impact shared resources to the Information Security Office, following a common response plan which is developed, implemented and exercised jointly by Information Security Office and all agencies.


16. Computer resources and physical information, including but not limited to servers, desktops, network equipment, laptops, firewalls, hardcopies and tapes, have appropriate physical protections in place. Where possible, these resources should also be protected from structural and environmental threats.

17. Agencies will provide information to the Information Security Office describing all connections from their agency networks to outside resources including the Department of Administrative Services shared campus network, the Iowa Communications Network, private service providers, federal, local and municipal governments and other state agencies. Updates will be provided as changes occur.

18. Agencies will develop methods for implementing system patches, and other measures which are required to protect systems from known as vulnerabilities. The procedures will provide adequate testing prior to implementation to decrease the risk of a negative impact, but also assure the updates are applied quickly to assure protection.

19. Requests for exemption from any requirements of this policy will be submitted in writing by the agency director to Chief Information Security Officer prior to implementation

Related Discussions:- Enterprise information security policy (eisp)

Security policies, implementing password policy in organisation

implementing password policy in organisation

Fragmentation and path mtu, FRAGMENTATION AND PATH MTU IPv6 source is ...

FRAGMENTATION AND PATH MTU IPv6 source is responsible for fragmentation. Routers simply drop datagrams bigger than network MTU. So source have to fragment datagram to arrive d

Ids deployment overview, IDS Deployment Overview The decision regarding ...

IDS Deployment Overview The decision regarding control strategies, decisions about where to locate elements of intrusion detection systems is an art in itself. Planners should s

Compare and contrast the trust models-pgp, a. PKI and PGP are two methods f...

a. PKI and PGP are two methods for generating and managing public keys for use in protocols such as secure email. Compare and contrast the trust models for public keys used in PKI

Calculate the total latency, Question (a) Inspect the following ifconfi...

Question (a) Inspect the following ifconfig output of an IPv6 interface: i. What is the hidden Hardware Address of the interface on Line #1? ii. What is the hidden subn

What is the size of the initialization vector n wpa, Question : Wi-Fi p...

Question : Wi-Fi protected access (WPA) was specified by the Wi-Fi alliance with the primary aim of enhancing the security of existing 802.11 networks. However, WPA was only a

Ip Datagram, Size of Option field of an ip datagram is 20 bytes. What is th...

Size of Option field of an ip datagram is 20 bytes. What is the value of HLEN? What is the value in binary?

Briefly explain the following security goals, (a) Briefly explain the fo...

(a) Briefly explain the following security goals provided by cryptography: confidentiality, authentication, integrity and non-repudiation. (b) State Kerckhoff's Princip

Ip datagrams, on LAN,where are IP datagrams transported?

on LAN,where are IP datagrams transported?

What is ftam-file transfer access and management, Describe what the FTAM se...

Describe what the FTAM services are. FTAM  stand for the File Transfer Access and Management: FTAM is an ISO application protocol which performs the operations on files such as.

Write Your Message!

Captcha
Order Assignment

Featured Services

Order Now

Popular Subjects

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd