
Yusuf Bhaiji

"Network Security Technologies and Solutions"


Tip
Examples of policies listed previously and other templates can be found at the SANS website:
https://www2.sans.org/resources/policies/#template
Note
Policies need to be concise, to the point, and easy to read and understand. Most policies listed previously
are on average two to three pages.
Standards
Standards are industry-recognized best practices, frameworks, and agreed principles of concepts and designs,
which are designed to implement, achieve, and maintain the required levels of processes and procedures.
Like security policies, standards are strategic in nature in that they define systems parameters and processes.
Standards vary by industry. There are two notable standards in security information management: ISO 17799
and COBIT. These are discussed in Chapter 25, "Security Framework and Regulatory Compliance."
Procedures
Procedures are low-level documents providing systematic instructions on how the security policy and the
standards are to be implemented in a system. Procedures are detailed in nature to provide maximum
information to users so that they can successfully implement and enforce the security policy and apply the
standards and guidelines of a security program.

