If an organization is going to have a chance at a successful security program, it needs to develop policies that provide direction for all security efforts and guide the conduct of the users.

These policies need to be well written to provide the organization with solid guidance to support its security objectives.

  • Identify and briefly describe the three types of security policies. Your response should include a discussion of where each should be used.
  • Where should policy writers look to find supporting material when developing the policies for their organization?

Policies function like laws in an organization because they dictate acceptable and unacceptable behavior there, as well as the penalties for failure to comply. Like laws, policies define what is right and wrong, the penalties for violating policy, and the appeal process. Standards, on the other hand, are more detailed statements of what must be done to comply with policy. They have the same requirements for compliance as policies. Standards may be informal or part of an organizational culture, as in de facto standards. Or, standards may be published, scrutinized, and ratified by a group, as in formal or de jure standards. Practices, procedures, and guidelines effectively explain how to comply with policy. Figure 4-2 shows the relationships among policies, standards, guidelines, procedures, and practices. This relationship is further examined in the nearby Offline feature.


The meaning of the term security policy depends on the context in which it is used. Governmental agencies view security policy in terms of national security and national policies to deal with foreign states. A security policy can also communicate a credit card agency’s method for processing credit card numbers. In general, a security policy is a set of rules that protects an organization’s assets. An information security policy provides rules for protection of the organization’s information assets.

Management must define three types of security policy, according to Special Publication (SP) 800-14 of the National Institute of Standards and Technology (NIST):

1. Enterprise information security policies

2. Issue-specific security policies

3. Systems-specific security policies

Figure 4-2 Policies, standards, guidelines, and procedures

Several published information security frameworks by government organizations, private organizations, and professional societies supply information on best practices for their members.
