Tuesday, September 2, 2014

Chapter 2: IS Governance and Risk Management - Policies, Standards, Baselines, Guidelines, and Procedures

Security Policy - What role security has in an individual organization. Usually in the form of a statement made by upper management. There are a few different types: organization-specific, issue-specific, and system-specific.

Standards - Directions and mandatory actions within an organization. Really helpful in defining expected user behavior of a system.

Baselines - Used to determine when future changes should be made. A good example is showing the minimum level of protection that should be used in a system.

Guidelines - To me, these are best practices. They are more flexible than explicit standards.

Procedures - Detailed steps to help attain a goal. Companies have a myriad of procedures and steps to get certain things done. Often used in configuration and installation of systems.

All of these are often in place for auditing purposes. Employees should be informed and aware of all of these in order to be effective.
