Security policy: standards, guidelines and procedures
December 18, 2009
A security policy would allow us to have a guide or a broad view of the guidelines, rules and procedures that are needed to protect our wireless technology. We need the security policy because it identifies what needs to be protected, how access, audits and reporting are to be handled. Example: Internet access will be given to staff that only need it for their work.
A standard is developed from a security policy and it deals with specifics about an issue. We need standards because they describe an issue in detail and this provides for the possibility of audits i.e. ability to audit whether a standard is being followed or me. Example: every user must ensure they have a strong password.
A Guideline provides the how in implementing a standard. “It helps an organization to implement and maintain standards” (Dulaney, 2009). Example: passwords for access to the wireless internet need to be 8 characters long and must consist of characters and numbers.
A Procedure is developed to provide a step by step instruction on how to accomplish or implement a guideline. It helps users know how to go about following the rules set by the organization.
Example: press CLT, ALT and DEL simultaneously. Select change password, then enter old password and then enter new password twice. Password need to be 8 characters long and must consist of characters and numbers. Click ok to apply the changes.
References
Stewart M, Tittel E, Chapple M (2004). CISSP study Guide, Sybex
White G, Conklin W M A (2009) Comptia Security+, McGraw Hill
Dulaney E (2009) Comptia Security+ study guide 4th Edition
Comments
Got something to say?
You must be logged in to post a comment.
