You are the Information Security Officer of Mahtmarg Manufacturing a small manufacturing company worth approximately $5 Million who provides fiber cable to local businesses, individual customers and to government organizations. In the course of the next eight weeks you will be creating your Information Security Plan (Issue-Specific Security Policy in Table 4-3 of the textbook) step by step using this scenario.
Step 1: Develop your Statement of Purpose for your Information Security Plan (ISP)
In this week’s Lab you will develop your Statement of Purpose which will include:
· The Introduction should introduce the policy and name the organization.
· The Purpose should state the main reason for the policy and any legal or compliance issues required to uphold.
· The Scope provides a statement of the boundaries of the policy, information systems, the cyber architecture and the personnel to which the policy applies.
· Roles and Responsibilities list the major roles in the organization and their responsibilities in reference to this policy. These should include at a minimum:
· Chief Information Officer
· Information Security Officer
· Information Security Architect
· Information Security Coordinator
· Data Proprietor (Administrative official)
· Data Custodian (Technical staff)