Policies, Standards, Guidelines, and Procedures
A security program (the total of all technology, processes, procedures, metrics, training, and personnel that are part of the organization’s approach to addressing security) should be based on an organization’s security policies, procedures, standards, and guidelines that specify what users and administrators should be doing to maintain the security of the systems and network. Collectively, these documents provide the guidance needed to determine how security will be implemented in the organization. Given this guidance, the specific technology and security mechanisms required can be planned for.
Policies are high-level, broad statements of what the organization wants to accomplish. Standards are ...
Get CompTIA Security+ All-in-One Exam Guide (Exam SY0-301), 3rd Edition, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
