114 ◾ Information Security Management Handbook
Information Security Policies, Standards, Procedures,
andGuidelines
One of the major critical components of an information security program is the formulation, col-
laboration, and adoption of information security policies. ese written policies cannot survive
without the associated supporting standards, procedures (some private sector organizations use
standard operating procedures or SOP), and guidelines. Personally, having clear, distinct, and
physically separated policies, standards, and procedures would provide benefits to your overall
information security program.
Charles Cresson Wood, well known in the information security industry as a leader for infor-
mation security policy developmen