PRT571 Asset Security and Risk Management
Three approaches to policy development: 1- the enterprise information security policy (EISP), 2- issue-specific security policy (ISSP), and 3- system-specific security policy (SysSP). Briefly describe the 3 approaches. In your opinion, which is best suited for use by a smaller organization and why? If the target organization were very much larger, which approach would be more suitable and why?