Security Policies and Standards
3.01 Introduction to Security Policies
3.02 General Security Policies
3.03 Human Resources Policies
3.04 User Education and Awareness
Security policies provide the framework from which all types of users learn the proper procedures in using computing devices and accessing data. Management support is crucial to ensure the security policies are understood and enforced. User awareness and training provide users with this knowledge, and metrics must be gathered to determine how effective the training is, such as through testing.
1. The primary purpose of security policies is to:
A. Establish legal grounds for prosecution.
B. Improve IT service performance. ...