As security policies and procedures are essential to the entire security program development process, it is important to clearly understand the difference between them.
Policies are high-level statements relating to the protection of systems and information across the organization. Policies should be set by the senior management.
Standards are specific low-level mandatory controls and activities that help enforce ...