Question description

Q1. Develop an issue-specific security policy (ISSP) that can be used at home or small business.Assignment – 1 Requirements : Consider your incident response plan (IRP) you created last week and discussed in the forum. Using a similar approach, draft a generic, sample ISSP that would be useful to any home computer user.Assume this policy could be available to the general public.Make sure you cover all of the critical aspects of a security policy.Get a second opinion on the ISSP’s usability. You might use a family member, classmate, or a work colleague. Use that feedback to improve your policy. Include their feedback as part of your submission.NOTE: This means you’ll need to complete your initial policy to provide enough time for feedback and improvement.Submission RequirementsFormat: Microsoft WordFont: Arial, 12-Point, Double- SpaceCitation Style: APALength: 1 page (plus a cover sheet)Three Major Types of Information Security PoliciesLearning Objective: Recognize the three major types of information security policy and know what goes into each type.The
NIST published Generally Accepted Principles and Practices for Securing
Information Technology Systems (NIST 800-14) in 1996. For many
years government agencies used NIST 800-14 as a source for developing
information security policies (program, issue-specific,
systems-specific, and etc.).  The guide was also to prepare for
contingencies, incident handling, and training.Assignment RequirementsReview 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems -> http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdfAfter reviewing the NIST document and completing the reading assignment, write a 2-3 page paper that addresses the following:In the introduction, describe the importance of security policies.Use
your text or other resources and provide an introduction to the three
major types of information security policies. (Enterprise information
security program policy, Issue-specific information security policies,
Systems-specific information security policies)Identify types of information is contained in each of the three types of policies.Compare and contrast the three policies.Conclusion:How much have policies changed since the 1996 publication?  Are the same principles identified in 1996 applicable to today?  Your thoughts? Submission RequirementsFormat: Microsoft WordFont: Arial, 12-Point, Double- SpaceCitation Style: APALength: 2 pages (plus a cover sheet)