After reading this chapter and completing the exercises, you will be able to do the following:
Explain the differences between a policy, a standard, a procedure, a guideline, and a plan.
Know how to use “plain language when creating and updating your cybersecurity policy.”
Identify the different policy elements.
Include the proper information in each element of a policy.
In Chapter 1, “Understanding Cybersecurity Policy and Governance,” you learned that policies have played a significant role in helping us form and sustain our social, governmental, and corporate organizations. In this chapter, we begin by examining the hierarchy and purpose of guiding principles, ...