CIS 502 Case Study 2

     An EISP sets the tone for the security policy a given organization will have with regard to all information security. More importantly, the EISP guides the development, implementation, and management requirements of the information security program, which must be met by information security management, IT development, IT operations, and other specific security functions. (Whitman, 2010). A sub-policy is used to classify the security level of each data element and eases the decision on where to place the information within the enterprise using a reasoning based on the interpretation of the policy at the domain level. (SANS Institute, 2012) Data classification plays an important role here.
Powered by