Security policies, standards, guidelines, and procedures

"The security program development process needs to be driven by the implementing company's security goals and objectives. These goals and objectives manifest themselves in a set of ICS security policies, which drive standards from which procedures and guidelines are derived."

As security policies and procedures are essential to the entire security program development process, it is important to clearly understand the difference between them.

Policies are high-level statements relating to the protection of systems and information across the organization. Policies should be set by senior management.

Standards are specific low-level mandatory controls and activities that help enforce and support the corresponding security policy.

Guidelines are recommended, non-mandatory controls and activities that help support standards or can serve as a reference when there are no applicable standards in place.  

Procedures consist of step-by-step instructions to assist the people implementing the various policies, standards, and guidelines.
