Policies, Standards, Guidelines, and Procedures
Policies, standards, guidelines, and procedures are all subtly different from each other, but they also interact with each other in a variety of ways. It’s your job as a CISSP candidate to study these differences and relationships, and also to recognize the different types of policies and their applications. To successfully develop and implement information security policies, standards, guidelines, and procedures, you must ensure that your efforts are consistent with the organization’s mission, goals, and objectives (see the preceding sections).
Policies, standards, guidelines, and procedures all work together as the blueprints for a successful information security program. They:
Provide valuable guidance and decision support.
Help establish legal authority.
Too often, technical security solutions are implemented without these important blueprints. The results are often expensive and ineffective controls that aren’t uniformly applied and don’t support an overall security strategy.