UD Issue Specific Security Policies & System Specific Security Policies Paper


As the CISO, this is the first of four assignments that you will complete for your company. In this assignment you will name your company and then develop cybersecurity policies that you will use to help secure your company’s assets. 

Policies serve as the foundation of your Cybersecurity Program. They explain how the company wants to secure its assets. They guide employee behavior by setting management’s expectations. They also serve to scope internal audit requirements, since the company must conform to its own policies and they must be consistently enforced.

CISOs must be able to create easy-to-understand yet thorough policies that are appropriate for your company’s risk tolerance, business practices and overall threat profile. This is an opportunity for you as the CISO to practice your Policy Development skills. This is a “hands-on” experiential learning assignment. The text described 3 different types of policies. I want you to focus on the Issue-Specific Security Policies (ISSP) and the System-Specific Security Policies (SysSP) for this assignment.

You will select (2) policies for your company in any combination of Issue-Specific Security Policies or System-Specific Policies. Select whatever you think is most important for your company. 

You will select a policy template (could be from the textbook or from an industry organization like SANS) and then complete the template for each of your 2 policies. These will be 2 separate completed policy templates provided in (1) Word document. In an Executive Summary, provide the board/professor an explanation of why you as the CISO selected these policies for your company and why they are important to your Cybersecurity Program.

You may use the template in the text showing the different components of a typical policy or the SANS (http://www.sans.org) template to create your own custom template. You must have all of the necessary information included for a complete policy document. Make sure you include enough detail for users to understand and follow the policy. 

Policy Report Outline

Mandatory Sections:

  • Executive Summary
  • 2 Completed policy templates
  • Last Conclusion Paragraph – Your response to the question below:
      o Since many companies have cybersecurity policies in place, why do we continue to see cybersecurity breach incidents occurring, and what is your plan to reduce them in your company using your policies?