Security Policies and Procedures - What's the Difference?

 Most organizations of any size have security policies. Typically the larger the organization, the more policy is necessary. What is relationship of policy to procedures?




Security policy is a set of high level directives. They define your overall security strategy. Think high level and strategic when you think policy. Policy rarely changes because it is high level. Without policy, you do not have a security plan. You might have lots of great security controls, but you do not have an overall plan and probably have holes big enough to drive a truck through.


Procedures on the other hand are tactical and lower level. They are step by step instructions to accomplish something. Typically for every policy there are one or more procedures. Procedures change far more often than policy typically, for example if the technology changes.


A policy may state something like "all systems must run up to date anti virus software." The procedures will contain details on how the anti virus software is installed and updated. There may be specific procedures for different systems of types of systems.


Policy should be short and written in plain English (or whatever language is appropriate). It should not be written in pseudo legalese and should be easy to read and unambiguous. I strongly prefer lots of short policies, perhaps one or two pages long, instead of a few longer policies.


Procedures are as long as they need to be. They are often updated and typically updating a procedure is an informal process. Updating a policy is in contrast a rather formal process. Legal may need to be involved, and certainly upper management is usually involved. Since policy rarely changes this is not much of a burden.


Harry writes on many topics including health, nutrition, and exercise. See his latest writings at Osterizer Blender Parts [http://osterizerblenderparts.com/] and Oster Food Processor [http://osterizerblenderparts.com/oster-food-processor.htm].


Article Source: https://EzineArticles.com/expert/Harold_Baldwin/301993




Article Source: http://EzineArticles.com/4471143

Comments

Post a Comment

Popular posts from this blog

Smart Technology

Image
 The laptops being high in terms of flexibility, features, portability and value for money are easily one of the obvious choices for the modern day users. The users can easily attain high-end solutions with the laptops even while remaining on the move. Since it weighs approximately just 1-8 Kgs, the users can easily share, access and organise any information, files and applications to survive in this highly competitive world. Let us have some knowledge about laptops before moving to some of the most eminent names in this field. A laptop normally operates on a single main battery or through an external AC/DC adapter and is somehow close to the functionality of its desktop counterparts . It has miniaturised components that are optimised for portable usage as well as for efficient power consumption. It usually makes use of the LCD (liquid crystal display) technology and the users can access any application or menu as well as for making inputs through a touchpad or pointing stick....
Read more

Artificial Intelligence, Neural Networks And Smart Computers

Image
 The computer system today who have grown considerably, has been part of the technological evolution in society, living today without computers is like stop progress, as they are the most important tool in any activity of daily living, they help us to maintain our accounts, develop new technologies and connect us to the whole world . A conventional computer is capable of performing millions of operations per second however, it's not capable of making decisions by itself, in other words a computer can not perform tasks by itself, it requires to be programmed, but a single program is limited to do only a certain task , and for multiple tasks requires multiple programs. Manufacturers of computers, provide us with the hardware needed to operate the computer as well as software developers provides the programs that allow us to use hardware as a tool, but, what would happen if a computer would be able to making decisions without the use of large amounts of specialized software? De...
Read more

Online Security and Privacy

Image
 Ever got your Facebook or Gmail account hacked? If not, it's only a matter of time before it happens, with the increasing amount of data we share online and the type of people who have access to it The questions is, how do you maintain your online lifestyle while keeping hackers away? You can easily protect yourself from data theft using these three simple guidelines: 1) Learn to Recognize Phishing E-Mails " Phishing " the the act of disguising emails and communications to make it appear as if it's coming from a reputable source. Most PayPal users are already bombarded with hundreds of fake emails that appear to be official PayPal ones. If you notice closely however, the site is a fake PayPal look-alike, and it's there solely to capture your login info. Nothing can stop a hacker from wreaking havoc once he has your password. Please don't click on the links in the email. Open your browser and type in the site address directly instead. 2) Always Backup All Yo...
Read more