LOGBOOK

HELP

Quiz Entry - updated: 2026.06.04

What is a System-Specific Security Policy (SysSP), and what makes it different from the other policy types?

A SysSP works like a manual of procedures for configuring and maintaining one specific system — e.g. how to select and set up the company firewall.

Characteristics:

  • Functions as instructions or procedures used when configuring or maintaining systems
  • Examples: how to select and set up the firewall; defining access levels for different user types (not every user needs the same controls)
  • Very targeted documents — each relates only to the specific system it addresses
  • Consequently, each system needs its own SysSP describing how it functions and is managed

The contrast: EISP and ISSP read like policy (positions, principles); the SysSP reads like a manual. It's the level where security intent finally turns into concrete settings — and where an admin's "personal preference" gets replaced by documented, reviewable decisions.

From Quiz: ISM / Policies, Concepts & Guidelines | Updated: Jun 04, 2026