
1. Explain the concept of EISP with example.

An Enterprise Information Security Policy (EISP) sits atop the company's security efforts. It details the company's philosophy on security and sets the direction, scope, and tone for all of the organization's security efforts. It is a management-level document, meaning it is most likely written by the company's chief information officer or someone serving in that capacity. The EISP explains what the company believes about security, the different roles that exist in the company's security arena (and the duties of each), and what responsibilities all employees have for keeping the organization's systems and information safe from intrusion. It can also serve as a roadmap for future security program development by setting the tone for how the company treats security matters. Unlike other security policies in an organization, which must be modified as new technologies appear, the EISP is typically final once completed, with very few changes going forward. An EISP will vary from one company to another to fit the purpose of the organization itself. For example, a hospital that handles a lot of sensitive patient data in electronic form may specify as one of its EISP goals to safeguard against unauthorized access or accidental dissemination. In this way, the mission and objectives of the organization are integrated into its EISP by defining specific security measures that enhance and further the organization's purpose.
Typical EISP policy statements, written here for a hypothetical Company X:

- Protection of Information: Information must be protected in a manner commensurate with its sensitivity, value, and criticality.
- Use of Information: Company X information must be used only for the business purposes expressly authorized by management.
- Information Handling, Access, and Usage: Information is a vital asset, and all access to, use of, and processing of Company X information must be consistent with policies and standards.
- Data and Program Damage Disclaimers: Company X disclaims any responsibility for loss or damage to data or software that results from its efforts to protect the confidentiality, integrity, and availability of the information handled by its computer and communications systems.
- Legal Conflicts: Company X information security policies were drafted to meet or exceed the protections found in existing laws and regulations, and any Company X information security policy believed to be in conflict with existing laws or regulations must be promptly reported to Information Security management.
