Class Exercise 3 : Questions

853 WordsDec 1, 20154 Pages
Class Exercise 3 1. Write down all the policy elements that were used in this particular policy. Statement of authority Statement of purpose Policy Statement Audience 2. Which policy elements do not appear in this policy? Make a list. The following policy elements were not included in this policy: Policy Heading Policy Objectives Policy Exceptions Policy Enforcement Clause Policy Definitions 3. Does this policy clearly provide the policy objectives? If not, develop the Policy Objectives section for this policy. The State of Vermont is committed to protecting the security of its information and information systems in order to ensure that: • The integrity of information is maintained, so that it is accurate, and updated. • Information is always available to those who need it and there is no disruption to the business of the State. • Confidentiality is not breached, so that information is accessed only by those authorized to do so. • The State meets its legal requirements, including those applicable to personal data under the Data Protection Act. • The reputation of the State is safeguarded. 4. Does this policy include the Statement of Authority clause? Please provide your opinion about the appropriateness and language of this segment. The Statement of Authority does not clearly state what needs to be done from a security standpoint. It should introduce the thought process behind the information security policy being presented. It may be better if it was started as:
Open Document