What is a security policy? How is it related to security standards, guidelines and procedures?
A security policy sets the standards for a set of security specifications. It states which aspects of information security are of paramount importance to the organisation, so it can be treated as a basic set of mandatory rules that must be observed. The policy should be observed throughout the organisation and should be in accordance with your security requirements and your organisation’s business objectives and goals. Security standards, guidelines and procedures are tools that can be used to implement and enforce a security policy. They address more detailed managerial, operational and technical issues, and provide detailed steps and advice to assist users and system administrators in complying with the requirements in the security policy. Standards, guidelines and procedures may require more frequent reviews than the security policy itself.