Reflection
I chose the HIC, Inc. Information Security Policy final project for this module because it encompasses the components of an Information Security Policy: Executive Summary, Information Security Program Charter, Summary of Laws, Regulations, and Standards, Corporate Mobility Policy, Asset Protection Policy, Information Classification Policy, Privacy Policy, Implementation, Enforcement, and Compliance Plan. It has helped me to write policies and will serve as a template, to be amended as necessary.
Laws, regulations, and standards have been put in place to protect consumers and their privacy rights. Adhering to these laws, regulations, and standards will serve the company and its stakeholders well, including the owners of the company, executives and employees, investors, and customers.
Massive hacks in recent years have brought the need for improved privacy and security to the forefront of people's attention. Ignoring the need to strengthen privacy and security measures has proven to be to Yahoo's detriment. CEO Marissa Mayer denied repeated requests by its Chief Information Security Officer, Alex Stamos, to strengthen Yahoo's security infrastructure, which resulted in billions of customer email accounts being hacked. The moral of the story is to do what is right, not what makes it look good. She chose the aesthetic look of the user interface over increasing the budget for security.
The Information Classification Scheme is an important process because all company associates share in the responsibility for ensuring that company information assets receive an appropriate level of protection by observing this information classification policy. Security controls are put in place to protect data according to the data classifications: highly sensitive, sensitive, internal, and public. Responsibility, accountability, policy enforcement, and exception handling are put in place to ensure corporate information is protected, with disciplinary actions for those who do not comply, up to and including termination of employment or of contract business with the company.