You are working for an organisation as Chief Information Security Officer (CISO). Your CEO has asked you to devise an enterprise information security policy (EISP) for the organisation. For this you can choose any organisation, anywhere in the world. The organisation may be a commercial, government or not-for-profit organisation but it must have at least 100 employees and a web site. Use the web, newspapers and/or personal contacts to gain information about the organisation and its management of IT security. If you are employed, you are encouraged to base this assignment on the organisation that you are currently working with, if it meets the above criteria.
The following aspects are the minimum requirement.
1. Objective and scope
a. A description of your chosen organisation, its characteristics and the industry it is part of. Clearly mention the number of employees and the URL of the organisation. Provide a statement on the need for this document in the organisation.
b. Identify the elements of a good security policy.
c. Explain the need for information security.
d. Specify the various categories of information security.
e. Identify the information security responsibilities and roles. Identify appropriate levels of security through standards and guidelines
2. Information security elements
a. Define information security policy
b. Philosophy of information security in the organisation
3. Need for information security
a. Importance of information security in the organisation
b. Legal and ethical obligations of the organisation towards employees' and customers' information
4. IT security responsibilities and roles
a. Define the organisational structure
b. Illustrate the information security structure in the organisation
c. Identify information security responsibilities of the individuals
5. Standards and guidelines
a. List standards that influence this policy
b. Mention relevant legislation and other policies that influence and are influenced by this policy document
6. References
Use references not older than three years. Only list references that you have cited within your report. Be sure to cite (in the text) any references that you have used. Use APA referencing style.