Q1. Discuss the purpose of an Information Security Policy and how it fits into an effective information security architecture. Your discussion should include the different levels of policies and what should be covered in an information security policy.
Q2. Discuss how an organization can apply the information life cycle to protect information. Make sure you discuss the different states of data and protection measures for those states.
Assignment Formatting Requirements:
- APA Standard 1-inch margins all around
- Standard font (e.g., Arial, Times Roman, Calibri, Tahoma, etc.)
- 12-pt font size
- No cover page – use a simple heading at the top of the first page with Course #/Title, Exam Name, Your Name, and Date (this heading can be left-justified, centered or right-justified)
- No Abstract
- Identify the question number for each response (e.g., “Essay Question #1”) – do not repeat the actual question text
- When using external sources, list the references immediately following the end of the essay question where used (do not put all references at the end of the document)
- Start Q2 on a new page
An organization can also apply disposition where it deletes or archives the invalid information. There are three states of data: data at rest, data in motion, and data in use. Data at rest entails data that is not accessed and stored on a logical medium (Rustad & Koenig, 2019). The protection measure for this state of information is the use of encryption, for instance, full disk encryption, which allows that if the laptop is lost, the data contained cannot be accessed by mounting the hard disk or device on another machine. The second state of data is data in motion. This is the data that travels through any private or public communication channel, such as email. To protect data in motion, the following measure is applied. Email encryptions manage file transfer and data leak prevention. The third state is the data in use which is the data that is opened by one or more applications for its assessment by users.