Understanding Security Policies

A security policy is a written document that gives an organization a high-level view of its security goals. Chapter 9 contrasted policies, standards, guidelines, and procedures. Recall that policies are the high-level, authoritative documents. Standards document criteria such as a proven norm or method and may specify requirements for a process or a technology, but the organization chooses which standards to follow. Guidelines provide recommendations for members of an organization but are not mandatory, and procedures provide the action steps to accomplish tasks.

EXAM TIP Policies provide the high-level authority for an organization. They ...

Get SSCP Systems Security Certified Practitioner All-in-One Exam Guide now with O’Reilly online learning.
