Understanding Security Policies

A security policy is a written document that gives an organization a high-level view of its security goals. Chapter 9 contrasted policies, standards, guidelines, and procedures. Recall that policies are the high-level, authoritative documents. Standards document criteria such as a proven norm or method and may specify requirements for a process or a technology, but the organization chooses which standards to follow. Guidelines provide recommendations for members of an organization, but they are not mandatory. Procedures provide the action steps to accomplish tasks.

EXAM TIP Policies provide the high-level authority for an organization. They ...

Get SSCP Systems Security Certified Practitioner All-in-One Exam Guide now with the O’Reilly learning platform.
