Friday, August 23, 2019

Information Security Policy Document (ISPD) Assignment

Organizations are dependent on digital communication channels for transferring and exchanging classified information such as confidential information, mission-critical information and information that is published for the people. As information is the lifeblood of any organization, it is vital to protect information by implementing physical, logical and environmental controls. In the context of protecting information security, three fundamental factors must be considered in order to make use of digitized information in an effective manner, i.e. Confidentiality, Integrity and Availability. As there is a requirement to protect this digital information internally and externally, policy is a control that provides the necessary steps, procedures and processes to protect information. Policies are also considered high-level statements derived from the board of the organization. "Information security policy is therefore considered an essential tool for information security management" (Ilvonen 2009).

However, information security policy is customized from company to company and department to department. Factors that may influence how the policy is tailored include organization size, dependence on information systems, regulatory compliance and the information classification scheme. Addressing all issues related to information security via a single policy is not possible; however, to cover all aspects related to information security, a set of information security policy documents focusing on different groups of employees within the organization is more suitable. This paper will discuss different factors that must be taken into account when constructing and maintaining an information security policy.
Although there are many methods available for constructing an information security policy, the initial step before adopting any one of them is to identify the current maturity level of the policy construction process within the organization. The outcome will be either that no information security policy development process is in place or that an extensive policy development process exists. As University of Wales has inaugurated a new bespoke digital forensic and information security laboratory, we will use a phased approach that starts with a basic policy framework addressing key policies, followed by the development of more policies. Likewise, the phased approach will also revise the existing policies that are already in place. In the current scenario there is no policy in place, as the laboratory is new. One key element of a policy development process is the process maturity level. For instance, a newly derived comprehensive and complex security policy cannot be successful because organizations need time for compliance. Common pitfalls for compliance are different organizational cultures, lack of management buy-in, insufficient resources and many other factors. For a newly inaugurated forensic laboratory, the initial
