The student (or group, henceforth referred to as student) will select a security policy area. For that policy area, the student must seek out three or more examples of policies in that area from...

1 answer below »






The student (or group, henceforth referred to as student) will select a security policy area. For that policy area, the student must seek out three or more examples of policies in that area from different organizations. The student will evaluate, contrast, and compare the policies based on:







  • Need for the policy.



  • Clarity, comprehensibility, completeness, and effectiveness.



  • Adherence to legal, regulatory, and standards requirements.






Critiques of the policy will include specific references where appropriate.




The student should include recommendations for improvements to the policy where appropriate.




Topic/companies: remote work policy VMware, Shopify, Nationwide










Papers must be completed using the ACM Submission Template (either




MS Word





































Download MS Word





, or LaTeX -


acmart-master.zip





































Download acmart-master.zip











). Note: papers will be in a single column format. References must be in the







ACM Reference Format





. For questions about the ACM publication requirements see:





https://www.acm.org/publications/authors/submissions





. Style elements not addressed in the Submission Template or Reference Format are based on the Chicago Manual of Style, and the Merriam Webster Dictionary.








Answered 6 days AfterNov 29, 2022

Answer To: The student (or group, henceforth referred to as student) will select a security policy area. For...

Amar Kumar answered on Dec 01 2022
34 Votes
VMware
The term "security policy," often referred to as "information security policy" or "IT security policy," refers to a written statement of national principles, standards, and overall strategy to protect the confidentiality, integrity, and accessibil
ity of its data. Security policies may take many different forms, from high-level frameworks that describe the overall security objectives and guiding principles of an organization or a country to guidelines that deal with more specialized concerns like utilizing Wi-Fi or remote access.
Several variables make a security plan essential.
Despite the fact that security rules can seem seem like another piece of paper, they are actually a crucial part of any programme for safeguarding sensitive data. A well-thought-out and carried-out security plan has the following benefits:
teaches how to use technical controls - A security policy may outline senior management's goals and objectives for security, but it does not offer detailed low-level technical support. The IT or security teams are then in charge of translating these ideas into exact technological operations.
A policy could specify, for instance, that only authorized users should have access to secret national data. This policy's specific access control rules and authentication mechanisms may change over time, but its basic goal never changes. The security or IT groups are compelled to make informed assumptions about what senior management wants without a clear starting point. Businesses and organizations may not always abide by security rules.
Specifies expectations in detail - Every individual or employee will be in charge of determining what is and is not appropriate in the lack of a security policy. This may be bad if different staff members use different principles.
Is using a work gadget for personal purposes acceptable? Will an administration give their immediate subordinates' passwords out of comfort? What about utilizing third-party software? If there were no set regulations, employees may answer these questions in a variety of ways. A security policy should also include the steps for ensuring compliance.
aids one in adhering to statutory and regulatory requirements - Guidelines like PCI-DSS, ISO 27001, and SOC2, as well as legislation like HIPAA and Sarbanes-Oxley, all call for the documenting of security policies. The creation of a security strategy is frequently necessary, even when it is not formally mandated, to build a plan to conform with ever-stricter security and data protection...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here