Information security is a key foundation of an organization; it typically explains the organization's working functionality [rules/regulations], and is generally classified into 4 major types:
Policy : Organizational statements
Standards : Mandatory controls
Guidelines : Suggestions / Best practices
Procedures : Instructions
Policy
Policies are organizational statements that are framed and developed by higher officials based on the organization's working and structure.
In general, a policy describes how information can be protected and the related roles and responsibilities. A policy does not focus on the details of implementation; it acts as a recommendation.
Example: implementing password protection
Standards
Standards consist of mandatory controls that help enforce and support the security policy.
In general, standards describe how information can be protected by following mandatory controls; they are mainly focused on creating mandatory actions.
Guidelines
Guidelines consist of non-mandatory controls that help enforce and support the security standards.
Guidelines are also termed as best practices
Example: a password should contain a minimum of 8 characters, with numeric and special characters
Procedures
Procedures consist of step-by-step instructions to help employees implement the various policies, standards and guidelines.
Example: how to set a good password
Summary
Information security is a key foundation of an organization; it typically explains the organization's working functionality [rules/regulations], and is generally classified into 4 major types: Policies, Standards, Guidelines, Procedures.