LOGBOOK

HELP

Quiz Entry - updated: 2026.06.04

What is an Issue-Specific Security Policy (ISSP), and how does it differ from the EISP in change frequency?

An ISSP states the organization's position on one specific issue — and unlike the strategic EISP, it requires frequent updates.

Characteristics:

  • Addresses a specific issue and contains a statement of the organization's position on it
  • Typical topics: who has internet access, use of personal equipment on company networks, use of photocopy equipment, prohibitions against hacking or testing the organization's security controls
  • Requires frequent updates — issues evolve with technology and usage (compare: the e-mail ISSP of 2010 vs. one covering today's collaboration tools)

The layering logic: the EISP says "company information must be protected" (stable, strategic); the ISSP says "here is our binding position on personal devices" (issue-level, revisited regularly); the SysSP says "configure the MDM server like this" (system-level, changes with the product).

Tip: ISSPs are where policy meets employee behavior — they're the documents staff actually read (or sign). Clarity beats legalese here.

From Quiz: ISM / Policies, Concepts & Guidelines | Updated: Jun 04, 2026