Sunday, January 24, 2010

Policy, Standards, Practices, Guidelines, Procedures, blablabla

sometimes, thinking for higher level is good for me.. management of information security skill is an adding advantage with my little security technical skill.. with sunday laziness and some boredness i start here.. and end with example..

Policies..
deliberate plan of action to guide decisions and achieve rational outcomes..
some call a short and concise what is expected. This thing stand at he higest level.. no step by step "how to". (that is standards)

Standards..
more detailed statement of what must be done to comply with policy.. including more specific details on how to comply with policy..

Practice,Guidelines, Procedures
sharing quite same definitions.. actual process of doing things.. correct or usual way of doing something or usual order followed when doing something..
this is how it looks like.. (some lazy photoshoping)

examples
for a simple example, a company policy is each employee must have strong password.. just want strong password but how? here we have standards (come with practices, guidelines and procedures) which describe what is strong password and what are the criteria and how to make it.. for example must contains at least 8 characters with combination of letters, symbols,numbers, lower and upper case letter and yada..yada..

references
M.E Whitman, H.J. Mattord, Management of Information Security, Course Technology , 978-1-4239-0130-3
Advance English Dictionary
and some web references..

No comments: