You are the Information Security Officer of Mahtmarg Manufacturing a small manufacturing company worth approximately $5 Million who provides fiber cable to local businesses, individual customers and to government organizations. In the course of the next eight weeks you will be creating your Information Security Plan (Issue-Specific Security Policy in Table 4-3 of the textbook) step by step using this scenario.
Step 6: Develop the Policy Review and Modification section of your ISP
In this week’s Lab you will develop the review and modification policy portion of your ISP to ensure it is a ‘living document’. This must include:
- At least an annual review
- Identification of who is responsible for making updates and revisions
- Detail concerning where these updates are published and how employees can access them
Remember that every company is in a constant state of change and your network infrastructure is constantly evolving. The risks that you face today are not the risks that you will encounter next year nor are they the same as those you have encountered in years past. It is crucial that you routinely review and update the company’s information security plan as threats change as well as the company.