Fully answer the following questions using complete sentences and proper English

Question

Fully answer the following questions using complete sentences and proper English.

Please include your name, class number, and assignment number on your paper. Follow APA formatting standards, especially for citations and references.

Policies

1. a) What are policies?

b) Distinguish between policies and implementation.

c) Why should policies not specify implementation in detail?

Categories of Security Policies

2. a) Distinguish between the corporate security policy and major security policies.

b) Distinguish between major security policies and the acceptable use policies.

c) What are the purposes of requiring users to sign the AUP?

d) Why are policies for individual countermeasures and resources needed?

Implementation Guidance

3. a) Distinguish between standards and guidelines.

b) For guidelines, what is mandatory?

c) When are guidelines appropriate?

Types of Implementation Guidance

4. a) Distinguish between procedures and processes.

b) When would each be used?

5. a) Why is ethics unpredictable?

b) Why do companies create codes of ethics?

c) Why is good ethics important in a firm?

d) To whom do codes of ethics apply?

Explanation / Answer

1.A.

Policies are principles, rules, and guidelines formulated or adopted by an organization to reach its long-term goals, and they are typically published in a booklet or other form that is widely accessible.
Policies and procedures are designed to influence and determine all major decisions and actions, and all activities take place within the boundaries set by them. Procedures are the specific methods employed to express policies in action in day-to-day operations of the organization. Together, policies and procedures ensure that a point of view held by the governing body of an organization is translated into steps that result in an outcome compatible with that view.

B. Think of your procedure policy as a mini-mission statement. A mission statement contains the target user, the stated purpose, and some type of effectiveness measure to communicate how users know the procedure is working.

An example Inventory Counting Procedure Policy:

Warehouse personnel shall count physical inventory on a frequent basis to ensure the accuracy of the general ledger balance.

Policies are statements of what should be done; implementation describes the actions that are taken to place the policy guidance into operation.

C. Policies set goals and vision, but they should not wrongly constrain future implementation changes as conditions (such as technology improvements) change.

2.A. The goal of the corporate security policy is to emphasize a firm’s commitment to strong security; it is brief and to the point. Major security policies, by contrast, are specific policies about major concerns and are more detailed than corporate security policies.

B. Major security policies are very detailed and provide guidance to various stakeholders on required or recommended actions. Acceptable use policies provide users a summary of the key points of the various major security policies.

C. Signing the AUP provides legal protection so that the user cannot say that he or she never knew company policies. Of equal importance, signing creates a sense of ceremony that is memorable. Required signing also emphasizes the company’s commitment to IT security.

D. Policies for individual countermeasures and resources are needed because major policies are not sufficiently detailed to cover the requirements of a single countermeasure, such as a firewall. The major policies should provide the guidance, while the individual policies describe in detail the implementation of the major policies.

3.A. Standards are mandatory implementation guidance and guidelines are discretionary.

B. It is mandatory for decision makers to consider guidelines.

C. Guidelines are appropriate in complex and uncertain situations for which rigid standards cannot be specified.

4.A. Procedures specify the low-level detailed actions that must be taken by specific employees. Processes are high-level descriptions of what should be done.

B. Procedures are used to steer a well-defined action, such as the steps required to issue a new employee a password. Processes are used to provide high-level descriptions of what should be done, such as the process of nominating a new product for development.

5.A. Ethics are unpredictable because different people of good will can make different ethical decisions in the same situation.

B. Companies create codes of ethics in order to make ethical decision making more predictable.

C. It is important to have good ethics in a firm because good corporations with poor security are poor places to work and because any lapse in ethics can severely damage a firm’s reputation, which can lead to lost sales and profits.

D. Codes of ethics apply to everyone, including part-time employees and senior managers.