7 Cards in this Set (Front / Back)

Card 1
Front: The three policy types
Back:
- ISP: the overall information security policy
- ISSP: issue-specific security policy
- SysSP: system-specific security policy

Card 2
Front: Purpose of an overall information security policy
Back:
- Gives an overview of the corporate security philosophy (e.g. the security postures the organisation adopts)
- Details the security responsibilities shared by all organisation members, and those unique to particular roles

Card 3
Front: Main principles underlying policies
Back:
- Individual accountability
- Authorisation
- Minimising privilege
- Separation of duty
- Auditing
- Risk reduction

Card 4
Front: Content of an overall information security policy
Back:
1. Introduction and objectives
2. Statement of management intent
3. A framework for setting control objectives, and for risk assessment and management
4. Policies, principles, standards and compliance requirements
5. Responsibilities
6. References

Card 5
Front: Why should stakeholders be involved in policy development?
Back:
- Minimises disruption to business unit operations
- System owners can give valuable input on how their processes will be impacted
- Makes the implementation process easier

Card 6
Front: Which sensitive data categories are specific to particular legislation?
Back:
- Biometric or genetic data (GDPR)
- Alleged or committed offences (DPA)

Card 7
Front: Rights of the data subject under the DPA
Back: (left blank)